deprecating MD5 in signature verification for gnutls-{cli, serv}

Daniel Kahn Gillmor dkg at
Mon Jan 5 20:31:12 CET 2009

On 01/05/2009 01:48 PM, Tomas Mraz wrote:
> If the only MD5 used in signatures is in the _trusted_ CA cert (and not
> in the leaf and intermediate certificates) it is OK. But it is not the
> case of the site. But I don't see how the removal
> of the last selfsigned certificate from the chain could break the
> algorithm. There must be some different bug in play.

I agree with this assessment.  It would be really useful in debugging if
certtool was able to use the same internal algorithm that the other
tools use.  I'm sorry that i haven't had the time to debug this further yet.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090105/c02da6bb/attachment.pgp>

More information about the Gnutls-devel mailing list