deprecating MD5 in signature verification for gnutls-{cli, serv}

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Jan 6 09:40:51 CET 2009


Daniel Kahn Gillmor wrote:
> On 01/05/2009 02:31 PM, Daniel Kahn Gillmor wrote:
>>  I'm sorry that i haven't had the time to debug this further yet.
> 
> Ok, i got to look into it tonight with gdb against the gnutls 2.6.3
> libraries (i'm using the versions from debian experimental).  here's
> what i found:
> 
> gnutls_certificate_verify_peers2() ultimately calls
> _gnutls_verify_certificate2(), which (at lib/x509/verify.c:321) properly
> sets the flags in the output variable, but does not set ret to 0.
> 
> gnutls_x509_crt_list_verify(), the immediate caller of
> _gnutls_verify_certificate2(), does not check the data in *output unless
> the return code is actually zero.
> 
> So i suspect that the following is the correct patch (against the git
> head), but i have not tested it yet (and i need to sleep before it gets
> any later):
> 
> diff --git a/lib/x509/verify.c b/lib/x509/verify.c
> index 02964ba..c00b4bf 100644
> --- a/lib/x509/verify.c
> +++ b/lib/x509/verify.c
> @@ -320,6 +320,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
>  	{
>  	  if (output)
>  	    *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
> +	  ret = 0;
>  	}
>      }
> 
> @@ -1036,6 +1037,7 @@ _gnutls_verify_crl2 (gnutls_x509_crl_t crl,
>        {
>  	if (output)
>  	  *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
> +	ret = 0;
>        }
>    }
> 
> Any thoughts about this proposal?  This would affect the built-in X.509
> verification routines, not just gnutls-cli and gnutls-serv.

Looks like the correct thing to do. Apply it!

regards,
Nikos





More information about the Gnutls-devel mailing list