Bug#514578: LDAP STARTTLS is broken

Simon Josefsson simon at josefsson.org
Fri Feb 13 15:01:45 UTC 2009

Witold Baryluk <baryluk at smp.if.uj.edu.pl> writes:

> On 02-12 21:24, Simon Josefsson wrote:
>> Witold Baryluk <baryluk at smp.if.uj.edu.pl> writes:
>> > I had the same problem today with 2.4.2-5,
>> > on my Lenny boxes. 2.4.2-6 also doesn't work. Reverted not to 2.4.2-4.
>> >
>> > I will regenerate all certificates but this bug is quite invasive.
>> > Mayby there should be some flags in configuration, or more verbose
>> > information about problem on upgrade.
>> Can you elaborate on what you mean the "same problem"?  This bug report
>> discuss several distinct problems, and it helps to understand whether
>> your problem is with RSA-MD5 signatures or with V1 CAs, or something
>> else.
>> Thanks,
>> /Simon
> The same as orginal bugreport. My private CA certificate is signed with MD5.
> I know that it is not secure, but I suppose it can break lots of machnies
> if administrators of them will not be informed properly (or some environment
> flag for temporarly allowing this).
> Can provide any logs if needed.

Please do (gnutls-cli --print-cert -d 4711 against your server).  A
trusted root CA certificate signed with RSA-MD5 should not cause any
problems.  Only intermediate non-trusted certificates signed with
RSA-MD5 should be rejected.


More information about the Pkg-gnutls-maint mailing list