Bug#737921: [TLS1.2] gnutls only likes SHA1 and SHA256 certificates
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Feb 6 23:43:34 UTC 2014
Hi Jan--
On 02/06/2014 06:14 PM, Jan Nordholz wrote:
> Package: gnutls26
> Version: 2.12.23-10
[...]
> Better not be an early adopter and create certificates with SHA512...
> downgraded the certificate's hash algorithm, and it works flawlessly again.
>
> This error message "Insufficient credentials for that request" *really* has
> to go away or to be replaced with something more meaningful. Calling this
> "misleading" is still euphemistic...
I agree this is a bad error message for the situation where the digest
isn't supported.
Have you tested this against libgnutls28? GnuTLS 3.2.10-2 is the latest
version in jessie and sid, and 3.2.8.1-2~bpo70+1 is in wheezy-backports.
I believe you'll find it resolved in this version.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20140206/09af9ef2/attachment.sig>
More information about the Pkg-gnutls-maint
mailing list