deprecating MD5 in signature verification for gnutls-{cli, serv}

Simon Josefsson simon at
Tue Jan 6 22:50:56 CET 2009

Nikos Mavrogiannopoulos <nmav at> writes:

> Daniel Kahn Gillmor wrote:
>> On 01/06/2009 03:40 AM, Nikos Mavrogiannopoulos wrote:
>>> Looks like the correct thing to do. Apply it!
>> OK, it's applied to the git head.  Is this something that should be
>> backported to the 2.6 branch? 
> Since it is a bugfix i think it qualifies for backporting, but Simon
> should have the last word on that.

I agree, Daniel please backport it.  Please also add NEWS items for the

To avoid regressions, I'm adding the chain to the self-tests.  It would
be useful if we had a more comprehensive self-test suite for X.509
chaining, given the three latest problems it seems this is an
under-tested area.  There is the PKITS stuff, but its license is


More information about the Gnutls-devel mailing list