[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more |
Date: |
Thu, 04 Dec 2008 21:06:47 +0200 |
User-agent: |
Thunderbird 2.0.0.18 (X11/20081125) |
Simon Josefsson wrote:
> I don't think MD2 should be required here: chain verification should not
> need to verify the RSA-MD2 self-signature in the CA cert, because that
> cert is marked as trusted.
>
> If there were other MD2 signatures involved, verification should
> definitely fail, but that doesn't seem to be the case with this chain.
>
> It seems this problem is caused by the chain validation algorithm now
> also look at the CA cert, but it didn't before the GNUTLS-SA-2008-3
> patch.
Ouch. Then it seems we correct the previous algorithm and revert to it.
I'll try to check it out.
regards,
Nikos
- Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more, Andreas Metzler, 2008/12/03
- Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more, Nikos Mavrogiannopoulos, 2008/12/04
- Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more, Simon Josefsson, 2008/12/04
- Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more, Tomas Mraz, 2008/12/04
- Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more,
Nikos Mavrogiannopoulos <=
- Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more, Nikos Mavrogiannopoulos, 2008/12/05
- Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more, Simon Josefsson, 2008/12/10
- Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more, Simon Josefsson, 2008/12/10
- Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more, Simon Josefsson, 2008/12/10
- Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more, Nikos Mavrogiannopoulos, 2008/12/10
- Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more, Simon Josefsson, 2008/12/11