[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#9017: 24.0.50; gnutls.c: [0] (Emacs) fatal error: Key usage violatio

From: Lars Ingebrigtsen
Subject: bug#9017: 24.0.50; gnutls.c: [0] (Emacs) fatal error: Key usage violation in certificate has been detected.
Date: Wed, 25 Jan 2012 23:35:35 +0100
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.92 (gnu/linux)

Ted Zlatanov <address@hidden> writes:

> "This certificate restricts its usage to key encipherment. For TLS this
> is restricted to only the RSA key exchange. By misconfiguration however
> the server allows you to connect with a ciphersuite that violates this
> usage and that's why gnutls-cli fails to connect."

I'm afraid I don't understand what this is saying at all.  :-)

> I may be misunderstanding the intent, but I thought globally you're
> saying you'll allow restricted certificates.  I'm not sure that's ideal
> and I think it is insecure, but I'm not so sure anymore after thinking
> about it more carefully.
> Either way it seems that `gnutls-algorithm-priority' will have to be one
> of those string-or-alist-or-function variables, so you can disable
> security altogether for specific hosts that need it.  I can add that
> support if you think it's reasonable.

I think the nice way to handle this would be to prompt the user here.
With something like "The server provides buggy dhe-rsa credentials;
connect anyway?" or something, which would result in "-dhe-rsa" being
added to the variable.

But as you point out, it should be on a per-host basis, probably...

(domestic pets only, the antidote for overdose, milk.)
  http://lars.ingebrigtsen.no  *  Sent from my Rome

reply via email to

[Prev in Thread] Current Thread [Next in Thread]