Bug#514578: LDAP STARTTLS is broken

Simon Josefsson simon at josefsson.org
Fri Feb 13 15:01:45 UTC 2009


Witold Baryluk <baryluk at smp.if.uj.edu.pl> writes:

> On 02-12 21:24, Simon Josefsson wrote:
>> Witold Baryluk <baryluk at smp.if.uj.edu.pl> writes:
>> 
>> > I had the same problem today with 2.4.2-5,
>> > on my Lenny boxes. 2.4.2-6 also doesn't work. Reverted not to 2.4.2-4.
>> >
>> > I will regenerate all certificates but this bug is quite invasive.
>> > Maybe there should be some flags in configuration, or more verbose
>> > information about the problem on upgrade.
>> 
>> Can you elaborate on what you mean by the "same problem"?  This bug report
>> discusses several distinct problems, and it helps to understand whether
>> your problem is with RSA-MD5 signatures or with V1 CAs, or something
>> else.
>> 
>> Thanks,
>> /Simon
>
> The same as the original bug report. My private CA certificate is signed with MD5.
> I know that it is not secure, but I suppose it can break lots of machines
> if their administrators are not informed properly (or some environment
> flag for temporarily allowing this).
>
> Can provide any logs if needed.

Please do (gnutls-cli --print-cert -d 4711 against your server).  A
trusted root CA certificate signed with RSA-MD5 should not cause any
problems.  Only intermediate non-trusted certificates signed with
RSA-MD5 should be rejected.

/Simon
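The rule Simon states above, that an RSA-MD5 signature is fatal only on a certificate whose signature the verifier actually checks, as an added example (not code from the thread or from GnuTLS): a small DER reader pulls the outer signatureAlgorithm OID out of each certificate, and `check_chain` is an assumed model of the policy, stopping at the first certificate found in the trust store. The sample certificates are constructed stubs with real OIDs but placeholder tbsCertificate and signature fields.

```python
# Added example: RSA-MD5 is rejected only where the signature is verified.
# Outer X.509 layout: Certificate ::= SEQUENCE { tbsCertificate,
# signatureAlgorithm, signature }.
WEAK_SIG_OIDS = {"1.2.840.113549.1.1.4"}     # md5WithRSAEncryption

def _tlv(buf, pos):
    """Decode one DER TLV at pos -> (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _oid(value):
    """Dotted form of a DER OBJECT IDENTIFIER content octets."""
    parts, acc = [str(value[0] // 40), str(value[0] % 40)], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(acc))
            acc = 0
    return ".".join(parts)

def signature_algorithm(cert_der):
    """OID of the outer signatureAlgorithm (the issuer's signature on it)."""
    tag, body, _ = _tlv(cert_der, 0)
    assert tag == 0x30, "not a SEQUENCE"
    _, _, pos = _tlv(body, 0)                    # skip tbsCertificate
    _, alg_id, _ = _tlv(body, pos)               # AlgorithmIdentifier
    tag, oid, _ = _tlv(alg_id, 0)
    assert tag == 0x06, "expected OBJECT IDENTIFIER"
    return _oid(oid)

def check_chain(chain_der, trust_anchors):
    """chain_der: leaf first, each followed by its issuer; trust_anchors: set
    of DER certs.  A trusted anchor ends the walk; its self-signature is never
    verified, so an RSA-MD5 root passes while an RSA-MD5 intermediate fails."""
    for cert in chain_der:
        if cert in trust_anchors:
            return True, "reached trusted anchor"
        alg = signature_algorithm(cert)
        if alg in WEAK_SIG_OIDS:
            return False, "rejected: signed with " + alg
    return False, "no trusted anchor in chain"

# Constructed stand-in certificates: stub tbsCertificate/signature, real OIDs.
def _der(tag, value):
    return bytes([tag, len(value)]) + value      # short-form length only

def fake_cert(sig_oid_hex, serial):
    tbs = _der(0x30, _der(0x02, bytes([serial])))
    alg = _der(0x30, _der(0x06, bytes.fromhex(sig_oid_hex)) + _der(0x05, b""))
    return _der(0x30, tbs + alg + _der(0x03, b"\x00\x00"))

MD5_RSA, SHA256_RSA = "2a864886f70d010104", "2a864886f70d01010b"
```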