deprecating MD5 in signature verification for gnutls-{cli,serv}

Daniel Kahn Gillmor dkg at
Wed Dec 31 00:14:16 CET 2008

Hi folks--

In light of the recent demonstration of an attack against
X.509 PKI using weaknesses in MD5 [0], i'm quite happy to
see that you must explicitly enable the use of MD5 for
certificate validation in gnutls for over 3 years
(from the 2005-11-07 NEWS entry):

- Due to cryptographic advances, verifying untrusted X.509
  certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
  GNUTLS_CERT_INSECURE_ALGORITHM verification output.  For
  applications that must remain interoperable, you can use the
  flags when verifying certificates.  Naturally, this is not
  recommended default behaviour for applications.  To enable the
  broken algorithms, call gnutls_certificate_set_verify_flags with the
  proper flag, to change the verification mode used by

However, gnutls-cli seems to blithely accept certificates that *are*
signed with an md5 hash.  You can see this from a debian system with:

echo | gnutls-cli --print-cert --x509cafile /etc/ssl/certs/Equifax_Secure_Global_eBusiness_CA.pem | certtool -i

This seems to be the case with both 2.4.2-4 and 2.6.3-1, afaict,
but i haven't tested with 2.7.x.

Are there plans to change this?
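Added here as a stand-alone check, not code from gnutls or from this message: a small DER walker that reads a certificate's outer signatureAlgorithm OID and flags the RSA-MD2/RSA-MD5 signatures the NEWS entry treats as insecure, so a chain can be screened before it is trusted. The sample certificate is constructed inline with placeholder tbsCertificate and signature fields (assumed, not a real CA certificate); the OID constants are the standard PKCS#1 values.

```python
# Added example (not gnutls code): decode just enough DER to read the outer
# Certificate.signatureAlgorithm OID and flag RSA-MD2 / RSA-MD5 signatures.
INSECURE_SIG_OIDS = {"1.2.840.113549.1.1.2": "md2WithRSAEncryption",
                     "1.2.840.113549.1.1.4": "md5WithRSAEncryption"}

def _read_tlv(data, pos):
    """Decode one DER TLV at pos -> (tag, contents, position after it)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                                   # long-form length
        n, pos = length & 0x7F, pos + (length & 0x7F)
        length = int.from_bytes(data[pos - n:pos], "big")
    return tag, data[pos:pos + length], pos + length

def _decode_oid(value):
    """OID contents -> dotted string, e.g. 1.2.840.113549.1.1.4."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:                                 # base-128 arcs
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc); acc = 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert_der):
    """Dotted OID of Certificate.signatureAlgorithm (the outer field)."""
    tag, cert, _ = _read_tlv(cert_der, 0)
    assert tag == 0x30, "Certificate is a SEQUENCE"
    _, _, after_tbs = _read_tlv(cert, 0)                # skip tbsCertificate
    _, algid, _ = _read_tlv(cert, after_tbs)            # AlgorithmIdentifier
    tag, oid, _ = _read_tlv(algid, 0)
    assert tag == 0x06, "AlgorithmIdentifier starts with an OID"
    return _decode_oid(oid)

def is_insecure_signature(cert_der):
    return signature_algorithm(cert_der) in INSECURE_SIG_OIDS  # RSA-MD2/MD5

# Constructed sample input (short-form DER only); not a real CA certificate.
def _tlv(tag, value): return bytes([tag, len(value)]) + value

def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a := a >> 7: chunk.append(0x80 | (a & 0x7F))
        out += reversed(chunk)
    return bytes(out)

def make_constructed_cert(sig_oid):
    """Certificate skeleton with placeholder tbsCertificate and signature."""
    tbs = _tlv(0x30, _tlv(0x02, b"\x01"))
    algid = _tlv(0x30, _tlv(0x06, _encode_oid(sig_oid)) + _tlv(0x05, b""))
    return _tlv(0x30, tbs + algid + _tlv(0x03, b"\x00" * 5))
```

For a real certificate, base64-decode the PEM body and pass the bytes to is_insecure_signature(); the check looks only at the outer signatureAlgorithm, which is the field that states which hash signed the certificate.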
