Whoos with GnuTLS and md5-signed certificates

Florian Weimer fw at deneb.enyo.de
Sat Feb 14 13:32:01 UTC 2009

* Bastian Blank:

> GnuTLS stopped accepting MD5 as a proper signature type for certificates
> just two weeks before the release. While I don't question the decision
> themself, MD5 is broken since 4 years, I question the timing.

GNUTLS has rejected RSA-MD5 signatures in X.509 certificate chains
since version 1.2.9.

> Yesterday several people started to complain that they could not longer
> connect to their ldap servers, many of them using pam-ldap and nss-ldap.
> A quick look showed certificates in the chain which was signed with MD5.

Are you sure this isn't #514807?

More information about the Pkg-gnutls-maint mailing list