Whoos with GnuTLS and md5-signed certificates
Florian Weimer
fw at deneb.enyo.de
Sat Feb 14 13:32:01 UTC 2009
* Bastian Blank:
> GnuTLS stopped accepting MD5 as a proper signature type for certificates
> just two weeks before the release. While I don't question the decision
> itself, MD5 has been broken for 4 years, I question the timing.
GNUTLS has rejected RSA-MD5 signatures in X.509 certificate chains
since version 1.2.9.
> Yesterday several people started to complain that they could no longer
> connect to their LDAP servers, many of them using pam-ldap and nss-ldap.
> A quick look showed certificates in the chain which were signed with MD5.
Are you sure this isn't #514807?