[regression] 2.12.23-12ubuntu2.4 breaks sha512 certificates

Bug #1532911 reported by Kees Cook
This bug affects 1 person
Affects: gnutls26 (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned

Bug Description

$ gnutls-cli -p 587 smtp.outflux.net -s --print-cert
STARTTLS
ctrl-D
*** Starting TLS handshake
*** Fatal error: The signature algorithm is not supported.
*** Handshake has failed

This does not happen with 2.12.23-12ubuntu2.3.

$ echo QUIT | openssl s_client -connect smtp.outflux.net:587 -starttls smtp -showcerts 2>/dev/null | openssl x509 -noout -text
...
    Signature Algorithm: sha512WithRSAEncryption
...
            Public Key Algorithm: rsaEncryption
...

There's no MD5 visible.

Kees Cook (kees) wrote :

Thanks to mdeslaur for finding that the _root_ cert is the problem, not mine, nor a code problem with gnutls:

http://blog.cacert.org/2015/12/re-signing-root-certificate/

Changed in gnutls26 (Ubuntu):
status: New → Invalid