Re: Whoos with GnuTLS and md5-signed certificates

2009-02-24 Thread Florian Weimer
* Florian Weimer:
> Would those who have an interest in this topic please test the patch
> in
>
>
>
> and report if it improves things for them? Thanks.

For the record, it's very likely that we are soon to release updates

Re: Whoos with GnuTLS and md5-signed certificates

2009-02-16 Thread Florian Weimer
Would those who have an interest in this topic please test the patch in and report if it improves things for them? Thanks.

Re: Whoos with GnuTLS and md5-signed certificates

2009-02-15 Thread Steve Langasek
On Fri, Feb 13, 2009 at 02:46:17PM +0100, Bastian Blank wrote:
> GnuTLS stopped accepting MD5 as a proper signature type for certificates
> just two weeks before the release. While I don't question the decision
> itself, MD5 has been broken for 4 years, I question the timing.
> Yesterday several pe

Re: Whoos with GnuTLS and md5-signed certificates

2009-02-15 Thread Brian May
Daniel Kahn Gillmor wrote:

Are there any concrete proposals for how to deal with this systematically within Debian without leaving GnuTLS users in lenny perpetually gullible to MD5-based forgeries, or improperly-trusted V1 certificates?

Unless you want to "fix" openssl, Firefox, etc, Lenny u

Re: Whoos with GnuTLS and md5-signed certificates

2009-02-15 Thread Daniel Kahn Gillmor
On 02/13/2009 08:46 AM, Bastian Blank wrote:
> GnuTLS stopped accepting MD5 as a proper signature type for certificates
> just two weeks before the release. While I don't question the decision
> itself, MD5 has been broken for 4 years, I question the timing.
>
> Yesterday several people started to c

Re: Whoos with GnuTLS and md5-signed certificates

2009-02-14 Thread Brian May
Florian Weimer wrote: Yesterday several people started to complain that they could no longer connect to their ldap servers, many of them using pam-ldap and nss-ldap. A quick look showed certificates in the chain which was signed with MD5. Are you sure this isn't #514807? Also see #514

Re: Whoos with GnuTLS and md5-signed certificates

2009-02-14 Thread Andreas Metzler
On 2009-02-14 Florian Weimer wrote:
> * Bastian Blank:
>> GnuTLS stopped accepting MD5 as a proper signature type for certificates
>> just two weeks before the release. While I don't question the decision
>> itself, MD5 has been broken for 4 years, I question the timing.
> GNUTLS has rejected RSA-M

Re: Whoos with GnuTLS and md5-signed certificates

2009-02-14 Thread Florian Weimer
* Bastian Blank:
> GnuTLS stopped accepting MD5 as a proper signature type for certificates
> just two weeks before the release. While I don't question the decision
> itself, MD5 has been broken for 4 years, I question the timing.

GNUTLS has rejected RSA-MD5 signatures in X.509 certificate chains s

Whoos with GnuTLS and md5-signed certificates

2009-02-13 Thread Bastian Blank
Hi folks

GnuTLS stopped accepting MD5 as a proper signature type for certificates just two weeks before the release. While I don't question the decision itself, MD5 has been broken for 4 years, I question the timing.

Yesterday several people started to complain that they could no longer connect to