Re: Whoos with GnuTLS and md5-signed certificates

2009-02-24 Thread Florian Weimer
* Florian Weimer: Would those who have an interest in this topic please test the patch in http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=97;bug=514807;mbox=yes and report if it improves things for them? Thanks. For the record, it's very likely that we are soon to release updates with

Re: Whoos with GnuTLS and md5-signed certificates

2009-02-16 Thread Florian Weimer
Would those who have an interest in this topic please test the patch in http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=97;bug=514807;mbox=yes and report if it improves things for them? Thanks.

Re: Whoos with GnuTLS and md5-signed certificates

2009-02-15 Thread Daniel Kahn Gillmor
On 02/13/2009 08:46 AM, Bastian Blank wrote: GnuTLS stopped accepting MD5 as a proper signature type for certificates just two weeks before the release. While I don't question the decision itself, MD5 has been broken for 4 years, I question the timing. Yesterday several people started to

Re: Whoos with GnuTLS and md5-signed certificates

2009-02-15 Thread Brian May
Daniel Kahn Gillmor wrote: Are there any concrete proposals for how to deal with this systematically within debian without leaving GnuTLS users in lenny perpetually gullible to MD5-based forgeries, or improperly-trusted V1 certificates? Unless you want to fix openssl, Firefox, etc, Lenny

Re: Whoos with GnuTLS and md5-signed certificates

2009-02-15 Thread Steve Langasek
On Fri, Feb 13, 2009 at 02:46:17PM +0100, Bastian Blank wrote: GnuTLS stopped accepting MD5 as a proper signature type for certificates just two weeks before the release. While I don't question the decision itself, MD5 has been broken for 4 years, I question the timing. Yesterday several

Re: Whoos with GnuTLS and md5-signed certificates

2009-02-14 Thread Florian Weimer
* Bastian Blank: GnuTLS stopped accepting MD5 as a proper signature type for certificates just two weeks before the release. While I don't question the decision itself, MD5 has been broken for 4 years, I question the timing. GnuTLS has rejected RSA-MD5 signatures in X.509 certificate chains

Re: Whoos with GnuTLS and md5-signed certificates

2009-02-14 Thread Andreas Metzler
On 2009-02-14 Florian Weimer f...@deneb.enyo.de wrote: * Bastian Blank: GnuTLS stopped accepting MD5 as a proper signature type for certificates just two weeks before the release. While I don't question the decision itself, MD5 has been broken for 4 years, I question the timing. GnuTLS has

Re: Whoos with GnuTLS and md5-signed certificates

2009-02-14 Thread Brian May
Florian Weimer wrote: Yesterday several people started to complain that they could no longer connect to their ldap servers, many of them using pam-ldap and nss-ldap. A quick look showed certificates in the chain which were signed with MD5. Are you sure this isn't #514807? Also see

Whoos with GnuTLS and md5-signed certificates

2009-02-13 Thread Bastian Blank
Hi folks, GnuTLS stopped accepting MD5 as a proper signature type for certificates just two weeks before the release. While I don't question the decision itself, MD5 has been broken for 4 years, I question the timing. Yesterday several people started to complain that they could no longer connect