Bug#514578: libgnutls26: ldapsearch also not working here
On Mon, 2009-02-09 at 15:09 +0100, Hermann Lauer wrote:
> Subject: libgnutls26: ldapsearch also not working here
> Followup-For: Bug #514578
> Package: libgnutls26
> Version: 2.4.2-5
>
> *** Please type your report below this line ***
> Same error here from ldapsearch.
>
> Our certificates indeed contain:
>
> Signature Algorithm: md5WithRSAEncryption
>
> Are there any workarounds without renewing all md5WithRSAEncryption
> certs?

If you can get out-of-band verification that an intermediary certificate
signed using RSA-MD5 is the correct certificate and you are willing to
trust it for verification, you can add that RSA-MD5 cert explicitly to
your certificate trust list. With 2.4.2-6, gnutls will stop looking
after finding a trusted intermediate certificate.

Of course, this workaround requires that all gnutls based clients that
talk to your site have the intermediate certificate in their trusted
cert list.

The proper fix is to get a new certificate for your server that isn't
part of an RSA-MD5 chain. More background on the insecurity of RSA-MD5 is
available from:

http://www.win.tue.nl/hashclash/rogue-ca/

/Simon

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#514578: libgnutls26: ldapsearch also not working here
Subject: libgnutls26: ldapsearch also not working here
Followup-For: Bug #514578
Package: libgnutls26
Version: 2.4.2-5

*** Please type your report below this line ***
Same error here from ldapsearch.

Our certificates indeed contain:

Signature Algorithm: md5WithRSAEncryption

Are there any workarounds without renewing all md5WithRSAEncryption
certs?

Thanks,
Hermann

-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libgnutls26 depends on:
ii  libc6          2.7-18             GNU C Library: Shared libraries
ii  libgcrypt11    1.4.1-1            LGPL Crypto library - runtime libr
ii  libgpg-error0  1.4-2              library for common error values an
ii  libtasn1-3     1.4-1              Manage ASN.1 structures (runtime)
ii  zlib1g         1:1.2.3.3.dfsg-12  compression library - runtime

libgnutls26 recommends no packages.

Versions of packages libgnutls26 suggests:
ii  gnutls-bin     2.4.2-5            the GNU TLS library - commandline

-- no debconf information

--
Netzwerkadministration/Zentrale Dienste, Interdiziplinaeres
Zentrum fuer wissenschaftliches Rechnen der Universitaet Heidelberg
IWR; INF 368; 69120 Heidelberg; Tel: (06221)54-8236 Fax: -5224
Email: hermann.la...@iwr.uni-heidelberg.de