Bug#514578: LDAP STARTTLS is broken
Simon Josefsson
simon at josefsson.org
Sun Feb 15 15:37:52 UTC 2009
Witold Baryluk <baryluk at smp.if.uj.edu.pl> writes:
> On 02-13 16:01, Simon Josefsson wrote:
> > Can provide any logs if needed.
> >
> > Please do (gnutls-cli --print-cert -d 4711 against your server). A
> > trusted root CA certificate signed with RSA-MD5 should not cause any
> > problems. Only intermediate non-trusted certificates signed with
> > RSA-MD5 should be rejected.
>
> Strange because in my configuration, certificate of LDAP server
> is directly signed by my root CA certificate.
>
> http://smp.if.uj.edu.pl/~baryluk/ldaptlsdebug.txt
Your end-entity certificate is signed using RSA-MD5, so the reject is as
expected. A better description of the rejects might be "RSA-MD5
signatures in untrusted certificates".
/Simon
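The distinction the reply draws (an RSA-MD5 self-signature on the trust anchor is harmless because it is never verified, while an RSA-MD5 signature on any certificate below the anchor is rejected) as an added Python example; this is not code from the thread or from GnuTLS. The certificates are constructed DER skeletons with a placeholder tbsCertificate, and the chain ordering (leaf first, trust anchor last) is an assumption.

```python
# DER-encoded signature-algorithm OIDs (well-known values)
OID_MD5_WITH_RSA = bytes.fromhex("2a864886f70d010104")     # 1.2.840.113549.1.1.4
OID_SHA256_WITH_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11

def _tlv(tag, body):
    """Encode one DER TLV (bodies shorter than 65536 bytes)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body

def _read_tlv(buf, pos):
    """Decode one DER TLV at pos; return (tag, body, position after it)."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                                    # long-form length
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n

def make_cert(sig_oid, label):
    """Constructed skeleton Certificate: SEQ { tbs, AlgorithmIdentifier, BIT STRING }.
    The tbs is a stand-in UTF8String label, not a real X.509 body; only the outer layout matters."""
    tbs = _tlv(0x30, _tlv(0x0C, label.encode()))           # SEQUENCE { UTF8String }
    alg = _tlv(0x30, _tlv(0x06, sig_oid) + b"\x05\x00")     # SEQUENCE { OID, NULL }
    sig = _tlv(0x03, b"\x00" + b"\x00" * 16)                # placeholder signature bits
    return _tlv(0x30, tbs + alg + sig)

def signature_oid(cert_der):
    """Extract the outer signatureAlgorithm OID from a DER Certificate."""
    _, body, _ = _read_tlv(cert_der, 0)             # outer Certificate SEQUENCE
    _, _, pos = _read_tlv(body, 0)                  # skip tbsCertificate
    _, alg, _ = _read_tlv(body, pos)                # AlgorithmIdentifier
    tag, oid, _ = _read_tlv(alg, 0)
    assert tag == 0x06, "expected OBJECT IDENTIFIER"
    return oid

def check_chain(chain_der):
    """Chain is leaf-first, trust anchor last; return positions rejected for RSA-MD5."""
    rejected = []
    for i, cert in enumerate(chain_der[:-1]):       # the anchor's own signature is never checked
        if signature_oid(cert) == OID_MD5_WITH_RSA:
            rejected.append(i)
    return rejected
```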