From: | Nikos Mavrogiannopoulos |
Subject: | Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more |
Date: | Thu, 04 Dec 2008 09:06:38 +0200 |
User-agent: | Thunderbird 2.0.0.18 (X11/20081125) |

Andreas Metzler wrote:
> On 2008-12-03 Michael Kiefer <address@hidden> wrote:
>> Package: libgnutls26
>> Version: 2.4.2-3
>> Severity: important
>
>> Since I updated libgnutls26 from 2.4.2-1 to 2.4.2-3 kMyMoney2 does
>> not connect to my bank any more. When I run gnutls-cli --insecure
>> -p 443 hbci-pintan-rp.s-hbci.de -d 4711 --print-cert it says
>
>> - Peer's certificate issuer is unknown
>> - Peer's certificate is NOT trusted
> [...]
>
> FWIW adding or dropping
> http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/patches/20_GNUTLS-SA-2008-3.patch?op=file&rev=0&sc=0
> indeed makes
>
> gnutls-cli -p 443 hbci-pintan-rp.s-hbci.de --x509cafile \
> /etc/ssl/certs/ca-certificates.crt

It seems to me that MD2 is missing from newer gnutls and this is the
reason why it fails. libgcrypt has the MD2 enumeration but not the
actual implementation and this tricked me into removing the included
md2. I will try to revert the old behavior of using an included version
of md2.

regards,
Nikos