Re: [Help-gnutls] Certificate verification failed
From: Nikos Mavrogiannopoulos
Subject: Re: [Help-gnutls] Certificate verification failed
Date: Wed, 26 Oct 2005 23:30:54 +0200
User-agent: KMail/1.8.2
On Wednesday 26 October 2005 22:31, Dima Barsky wrote:
> Hello,
> I have a small python application which uses pycurl to
> download my bank statements every week. I was using
> pycurl built with openssl until recently and the
> application worked fine. A few days ago I upgraded the
> pycurl and the libcurl packages (they are now built with GnuTLS 1.2.8)
> and the application stopped working, it does not accept the bank's
> certificate any more. This small script illustrates the problem:
Hi,
I've run this server's certificates through certtool:
$ certtool -e -d 2 <list
[...]
Certificate[1]: O=VeriSign Trust Network,OU=VeriSign\, Inc.,OU=VeriSign
International Server CA - Class 3,OU=www.verisign.com/CPS Incorp.by Ref.
LIABILITY LTD.(c)97 VeriSign
Issued by: O=VeriSign Trust Network,OU=VeriSign\, Inc.,OU=VeriSign
International Server CA - Class 3,OU=www.verisign.com/CPS Incorp.by Ref.
LIABILITY LTD.(c)97 VeriSign
Verifying against certificate[2].
|<2>| ASSERT: verify.c:129
|<2>| ASSERT: verify.c:252
Verification output: Not verified, Issuer is not a CA.
^^^^^^^^^^^^
This can be solved by upgrading your libcurl.
Certificate[2]: C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification
Authority
Issued by: C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary
Certification Authority
|<1>| verify.c: HASH OID: 1.2.840.113549.2.2
|<2>| ASSERT: verify.c:447
|<2>| ASSERT: verify.c:496
|<2>| ASSERT: verify.c:568
|<2>| ASSERT: verify.c:282
Verification output: Not verified.
^^^^^^^^^^^^
This cannot be solved. This certificate uses MD2 which is not included in
libgcrypt as yet. I don't know if there are plans to include it in the future
though.
Anyway MD2 is an old and broken algorithm and should not be used for signing
certificates.
--
Nikos Mavrogiannopoulos
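
Added example (not part of the original message or of GnuTLS): a small Python check that reads the signatureAlgorithm OID from each DER certificate in a chain and flags broken hashes such as the MD2 root above. The function names and the constructed skeleton certificates are assumptions; the log's HASH OID 1.2.840.113549.2.2 is the MD2 digest itself, while the certificate field carries md2WithRSAEncryption (1.2.840.113549.1.1.2).

```python
# Added example; names are hypothetical, "certificates" are constructed DER skeletons.
SIG_ALGS = {  # signatureAlgorithm OID -> (name, hash still acceptable?)
    "1.2.840.113549.1.1.2": ("md2WithRSAEncryption", False),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", True),
}

def read_tlv(buf, off):
    """Return (tag, value, next_offset) for the DER element starting at off."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + length], off + length

def decode_oid(body):
    arcs, value = [], 0
    for b in body:  # each arc is base-128, high bit set on all but the last byte
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = arcs[0]  # the first encoded value packs the first two arcs
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def signature_oid(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }."""
    tag, cert, _ = read_tlv(cert_der, 0)
    _, _, off = read_tlv(cert, 0)          # skip tbsCertificate
    alg_tag, alg, _ = read_tlv(cert, off)  # AlgorithmIdentifier
    oid_tag, oid, _ = read_tlv(alg, 0)
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not a certificate structure")
    return decode_oid(oid)

def audit_chain(chain):
    # One (position, algorithm name, acceptable) tuple per certificate.
    return [(i, *SIG_ALGS.get(signature_oid(c), ("unknown", False)))
            for i, c in enumerate(chain, 1)]

def tlv(tag, body):  # short-form encoder, enough for the constructed samples
    return bytes([tag, len(body)]) + body
def skeleton(oid_hex):  # empty tbsCertificate, AlgorithmIdentifier, dummy signature
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, b"") + alg + tlv(0x03, b"\x00"))
CHAIN = [skeleton("2a864886f70d01010b"), skeleton("2a864886f70d010102")]
```

Calling `audit_chain(CHAIN)` marks the second constructed certificate as md2WithRSAEncryption and not acceptable; unknown OIDs are treated as not acceptable.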