Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more
From: Simon Josefsson
Subject: Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more
Date: Wed, 10 Dec 2008 15:32:50 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.60 (gnu/linux)
My approach introduced a problem with the pkcs1-padding self-test that
uses certtool --verify-chain, and the self-test assumes that the last
certificate is actually verified against its own public key... so
short-cutting the validation of trust anchors changed the semantics of
one public interface. Sigh. So I have reverted my patch.
Simon Josefsson <address@hidden> writes:
> I believe that is wrong: with your patch it will fail when the CA is
> self-signed using RSA-MD2.
There aren't many of those around, so I think we can leave it as a
documented bug that self-signed RSA-MD2 certificates cannot be used as
trust anchors. One might see that as a feature, even. ;)
I've aligned the self-tests with Nikos' approach.
/Simon