deprecating MD5 in signature verification for gnutls-{cli, serv}

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jan 7 02:08:44 CET 2009


On 01/06/2009 04:50 PM, Simon Josefsson wrote:
> I agree, Daniel please backport it.  Please also add NEWS items for the
> change.

OK, this is now done.  i've backported for 2.6, but not for any earlier
branch.  this is such a trivial change that it would be no problem for
me to backport it to other branches if folks think that's the right
thing to do.  What branches are we targetting for this level of support?

> To avoid regressions, I'm adding the chain to the self-tests.  It would
> be useful if we had a more comprehensive self-test suite for X.509
> chaining, given the three latest problems it seems this is an
> under-tested area.  There is the PKITS stuff, but its license is
> unclear...

Thanks for adding that test, simon.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090106/72c36f84/attachment.pgp>


More information about the Gnutls-devel mailing list