On Thursday 27 October 2005 10:56, Simon Josefsson wrote:

> > This cannot be solved. This certificate uses MD2 which is not included in
> > libgcrypt as yet. I don't know if there are plans to include it in the
> > future though.
>
> We could add an MD2 implementation to gnulib, to make GnuTLS support
> this when MD2 is not available through libgcrypt. I'm working on this
> now.

That would be nice to have.

> However, I am skeptical about supporting MD2, and even MD5, by
> default. I know GnuTLS certtool prints a warning about MD5, but the
> library does not, and most GnuTLS library users probably don't
> either.

Hmmm... about MD5, we are going to get a bunch of complaints if it is not
enabled by default. But that would be the right thing to do, given that it is
not that hard to generate colliding certificates:
http://www.win.tue.nl/~bdeweger/CollidingCertificates/index.html

> I think we should disable both MD2 and MD5, and introduce an API to
> modify gnutls_certificate_verify_peers2, a'la
> gnutls_enable_insecure_algorithm (&session, GNUTLS_SIGN_RSA_MD2)

This will not be necessary if we introduce the flags below. verify_peers2
will use the flags from gnutls_certificate_set_verify_flags().

> and a new gnutls_certificate_verify_flags enumeration type, for
> gnutls_x509_crt_verify calls, e.g.:
> GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2
> GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5

Yes, it is indeed a very nice idea. Security must be an issue in the library.

> Cheers,
> Simon

-- 
Nikos Mavrogiannopoulos
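The policy sketched in the thread (weak signature hashes rejected by default, re-enabled only through explicit per-algorithm verify flags that the chain verifier consults) can be modelled in a few lines of C. This is an added illustration, not GnuTLS code: the enum names, the `cert_t` struct, the status bits and the sample chain are all constructed here to mirror the proposal.

```c
/* Model of the proposed per-algorithm verify flags; not GnuTLS's implementation. */
#include <stddef.h>
#include <stdio.h>

/* Signature algorithm carried by a certificate (hypothetical enum). */
typedef enum { SIGN_RSA_MD2, SIGN_RSA_MD5, SIGN_RSA_SHA1 } sign_algorithm_t;

/* Opt-in flags, modelled on GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2/MD5.
 * With flags == 0 (the proposed default) MD2 and MD5 are refused. */
enum {
    VERIFY_ALLOW_SIGN_RSA_MD2 = 1u << 0,
    VERIFY_ALLOW_SIGN_RSA_MD5 = 1u << 1
};

/* Status bits reported to the caller (hypothetical names). */
enum {
    CERT_INVALID            = 1u << 0,
    CERT_INSECURE_ALGORITHM = 1u << 1
};

typedef struct {
    const char *subject;
    sign_algorithm_t sig_alg;   /* algorithm used to sign this certificate */
} cert_t;

/* Status for one signature under the given flags: each weak hash needs its
 * own flag, so allowing MD5 does not implicitly allow MD2. */
unsigned int check_sign_algorithm(sign_algorithm_t alg, unsigned int flags) {
    unsigned int reject = CERT_INVALID | CERT_INSECURE_ALGORITHM;
    switch (alg) {
    case SIGN_RSA_MD2: return (flags & VERIFY_ALLOW_SIGN_RSA_MD2) ? 0 : reject;
    case SIGN_RSA_MD5: return (flags & VERIFY_ALLOW_SIGN_RSA_MD5) ? 0 : reject;
    default:           return 0;   /* SHA-1 was acceptable at the time of the thread */
    }
}

/* Walk a chain as verify_peers2 would with the stored flags, OR-ing status. */
unsigned int verify_chain(const cert_t *chain, size_t n, unsigned int flags) {
    unsigned int status = 0;
    for (size_t i = 0; i < n; i++)
        status |= check_sign_algorithm(chain[i].sig_alg, flags);
    return status;
}

int main(void) {
    /* Constructed sample chain: MD5-signed leaf under an MD2-signed intermediate. */
    const cert_t chain[] = { { "CN=leaf.example.test", SIGN_RSA_MD5 },
                             { "CN=Example Intermediate", SIGN_RSA_MD2 },
                             { "CN=Example Root", SIGN_RSA_SHA1 } };
    printf("default flags: status 0x%x\n", verify_chain(chain, 3, 0));
    printf("allow MD5:     status 0x%x\n", verify_chain(chain, 3, VERIFY_ALLOW_SIGN_RSA_MD5));
    return 0;
}
```

With the default flags the chain fails with the insecure-algorithm bit set; allowing only MD5 still fails because the intermediate is MD2-signed, which is the point of keeping the two flags separate.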
