deprecating MD5 in signature verification for gnutls-{cli, serv}
Simon Josefsson
simon at josefsson.org
Tue Jan 6 22:50:56 CET 2009
Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
> Daniel Kahn Gillmor wrote:
>> On 01/06/2009 03:40 AM, Nikos Mavrogiannopoulos wrote:
>>> Looks like the correct thing to do. Apply it!
>
>> OK, it's applied to the git head. Is this something that should be
>> backported to the 2.6 branch?
>
> Since it is a bugfix i think it qualifies for backporting, but Simon
> should have the last word on that.
I agree, Daniel please backport it. Please also add NEWS items for the
change.
To avoid regressions, I'm adding the chain to the self-tests. It would
be useful if we had a more comprehensive self-test suite for X.509
chaining, given the three latest problems it seems this is an
under-tested area. There is the PKITS stuff, but its license is
unclear...
/Simon
More information about the Gnutls-devel
mailing list