gnutls-devel

Re: deprecating MD5 in signature verification for gnutls-{cli, serv}


From: Simon Josefsson
Subject: Re: deprecating MD5 in signature verification for gnutls-{cli, serv}
Date: Tue, 06 Jan 2009 23:17:33 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux)

Daniel Kahn Gillmor <address@hidden> writes:

> On 01/05/2009 01:48 PM, Tomas Mraz wrote:
>> If the only MD5 used in signatures is in the _trusted_ CA cert (and not
>> in the leaf and intermediate certificates) it is OK. But it is not the
>> case of the support.mayfirst.org site. But I don't see how the removal
>> of the last selfsigned certificate from the chain could break the
>> algorithm. There must be some different bug in play.
>
> I agree with this assessment.  It would be really useful in debugging if
> certtool was able to use the same internal algorithm that the other
> tools use.

Indeed, and I've now made that happen.  Look at the final line at:

address@hidden:~/src/gnutls/src master$ (echo | gnutls-cli --print-cert --x509cafile /etc/ssl/certs/Equifax_Secure_Global_eBusiness_CA.pem support.mayfirst.org; cat /etc/ssl/certs/Equifax_Secure_Global_eBusiness_CA.pem) | ./certtool -e
Certificate[0]: C=US,O=support.mayfirst.org,OU=GT69079880,OU=See www.rapidssl.com/resources/cps (c)07,OU=Domain Control Validated - RapidSSL(R),CN=support.mayfirst.org
        Issued by: C=US,O=Equifax Secure Inc.,CN=Equifax Secure Global eBusiness CA-1
        Verifying against certificate[1].
        Verification output: Not verified, Insecure algorithm.

Certificate[1]: C=US,O=Equifax Secure Inc.,CN=Equifax Secure Global eBusiness CA-1
        Issued by: C=US,O=Equifax Secure Inc.,CN=Equifax Secure Global eBusiness CA-1
        Verification output: Verified.
        Verification output: Verified.

Chain verification output: Not verified, Insecure algorithm.
address@hidden:~/src/gnutls/src master$ 

The last line contains the result from validating the chain using the
library algorithm.  The flags are always 0 which can vary from how
libgnutls is used by applications, though, but at least this is a step
in the right direction.

/Simon
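
[Added example, not part of the original message and not libgnutls code.] A simplified model of the rule discussed in this thread: an MD5 signature on a leaf or intermediate certificate fails the chain, the self-signature of a configured trust anchor is not evaluated, and omitting the root from the chain does not change the outcome. The names verify_chain, Cert and ALLOW_MD5, and the sample certificates, are assumptions made for illustration.

```python
from dataclasses import dataclass

INSECURE_SIG_ALGS = {"RSA-MD2", "RSA-MD5"}
ALLOW_MD5 = 0x1  # hypothetical flag for this model, not a libgnutls constant


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    sig_alg: str  # algorithm the issuer used to sign this certificate


def verify_chain(chain, trusted_subjects, flags=0):
    """Check a leaf-first chain; return (ok, reasons).

    Models name chaining and signature-algorithm policy only. No signature
    is checked cryptographically, and anchors are matched by subject name.
    """
    reasons = []
    anchored = False
    for i, cert in enumerate(chain):
        if cert.subject in trusted_subjects:
            # Trust in an anchor comes from configuration, not from its
            # self-signature, so its hash algorithm is not evaluated.
            anchored = True
            break
        allowed = cert.sig_alg == "RSA-MD5" and flags & ALLOW_MD5
        if cert.sig_alg in INSECURE_SIG_ALGS and not allowed:
            reasons.append(f"certificate[{i}]: insecure algorithm {cert.sig_alg}")
        if i + 1 < len(chain):
            if chain[i + 1].subject != cert.issuer:
                reasons.append(f"certificate[{i}]: issuer is not certificate[{i + 1}]")
        elif cert.issuer in trusted_subjects:
            anchored = True  # root omitted from the chain but configured
    if not anchored:
        reasons.append("chain does not end at a trusted certificate")
    return (not reasons, reasons)


# Constructed sample data; names are made up and algorithms are assumed.
ROOT = Cert("Example Root CA", "Example Root CA", "RSA-MD5")
LEAF_MD5 = Cert("www.example.org", "Example Root CA", "RSA-MD5")
LEAF_SHA1 = Cert("www.example.org", "Example Root CA", "RSA-SHA1")
TRUSTED = {"Example Root CA"}

if __name__ == "__main__":
    for chain in ([LEAF_SHA1, ROOT], [LEAF_MD5, ROOT], [LEAF_MD5]):
        print(verify_chain(chain, TRUSTED))
```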



