gnutls-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more

From: Simon Josefsson
Subject: Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more
Date: Wed, 10 Dec 2008 15:32:50 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.60 (gnu/linux) 
My approach introduced a problem with the pkcs1-padding self-test that
uses certtool --verify-chain, and the self-test assumes that the last
certificate is actually verified against its own public key...  so
short-cutting the validation of trust anchors changed the semantics of
one public interface.  Sigh.  So I have reverted my patch.

Simon Josefsson <address@hidden> writes:

> I believe that is wrong: with your patch it will fail when the CA is
> self-signed using RSA-MD2.

There aren't many of those around, so I think we can leave it as a
documented bug that self-signed RSA-MD2 certificate cannot be used as a
trust anchor.  One might see that as a feature, even. ;)

I've aligned the self-tests with Nikos' approach.

/Simon
reply via email to
[Prev in Thread] Current Thread [Next in Thread]