Ubuntu Jaunty Certificate Issue Solved
- To: openldap-technical@openldap.org
- Subject: Ubuntu Jaunty Certificate Issue Solved
- From: gruntler-ldap@yahoo.com
- Date: Tue, 7 Jul 2009 04:30:51 -0700 (PDT)
Hi,
Ubuntu distributes a patched version of GnuTLS 2.6.x.
Run:
gnutls-cli -VV --print-cert -p 636 my-ldap-server.com 2>&1 | egrep 'RSA-MD5|warning'
See no output. Using "-d 4711" instead of "-VV" doesn't show any problems either.
Download the real GnuTLS 2.8.1 and build it and try again:
Run:
/opt/gnutls/bin/gnutls-cli -VV --print-cert -p 636 my-ldap-server.com 2>&1 | egrep 'RSA-MD5|warning'
Signature Algorithm: RSA-MD5
warning: signed using a broken signature algorithm that can be forged.
Note that the CA cert is secure, it's the LDAP server's cert that was weak.
-Ken
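
An added example, not part of the original message: a shell function that reads `gnutls-cli --print-cert` text and reports the signature algorithm per certificate in the chain, so it is clear whether the weak signature is on the server certificate or on the CA. The function names `audit_sigalgs` and `sample_output`, the "Certificate[N]" section layout and the sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report the signature algorithm of each certificate in a chain,
# reading certificate text on stdin. Exit status is 1 if any uses MD5 or MD2.
audit_sigalgs() {
    awk '
        /Certificate\[[0-9]+\]/ {            # assumed section header: "Certificate[N]"
            idx = $0
            sub(/^.*Certificate\[/, "", idx)
            sub(/\].*$/, "", idx)
            next
        }
        /Signature Algorithm:/ {
            if (idx in seen) next            # report each certificate once
            seen[idx] = 1
            alg = $0
            sub(/^.*Signature Algorithm:[ \t]*/, "", alg)
            sub(/[ \t\r]+$/, "", alg)
            weak = (toupper(alg) ~ /MD5|MD2/)
            if (weak) bad = 1
            printf "cert[%s] %s %s\n", (idx == "" ? "?" : idx), alg, (weak ? "WEAK" : "ok")
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample output (not captured from a real server): weak leaf, sound CA.
sample_output() {
    cat <<EOF
- Certificate[0] info:
    Subject: CN=my-ldap-server.com
    Signature Algorithm: RSA-MD5
warning: signed using a broken signature algorithm that can be forged.
- Certificate[1] info:
    Subject: CN=Example CA
    Signature Algorithm: RSA-SHA256
EOF
}

# Demo on the constructed sample. Against a live server, pipe the command from
# the message instead:
#   gnutls-cli -VV --print-cert -p 636 my-ldap-server.com 2>&1 | audit_sigalgs
sample_output | audit_sigalgs || echo "chain contains a weakly signed certificate"
```

The non-zero exit status makes the function usable as a check in a monitoring or deployment script, independent of whether the installed GnuTLS build prints the warning.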