[Date Prev][Date Next] [Chronological] [Thread] [Top]

Ubuntu Jaunty Certificate Issue Solved

To: openldap-technical@openldap.org
Subject: Ubuntu Jaunty Certificate Issue Solved
From: gruntler-ldap@yahoo.com
Date: Tue, 7 Jul 2009 04:30:51 -0700 (PDT)
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1246966252; bh=22OYsYsn4k3VQ+VlLvdi/SLtmxMXw/Q+4wb8zPnMh7c=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=QLhHbRJggRDQqFAO/DD0x0yi/uhzWIifRHemgFKU35hmXO/noNS88PEYQVop4dNXRn9Ef9JNoNEcfVJpbMWBj3Z6m7IQ+eHok4WaQcty855VBDtoV08PQPPfkqIeOrbEEw04oHArDfHRZ3yvxf7IBMOA8hFc0Mfd7WgCmgqhLZE=
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=E5JKh+UWBEZKzcIdiF80oEkS2/yie32UC6rYAkMYWsTwO2lJdNyMr0wpBeaRm3fK9WH6p0uuM5TfGwJpdr7yxIzapS0wZnrwrhkRNZrvJQBA2l8MwZ2NHgVxmQNmDQIuH9180ZXbeM2Gj7CkH6Ya8ZU9nnKVU+DdN0+jNH0KH8o=;

Hi,

Ubuntu distributes a patched version of GNUtls 2.6.x.

Run:

 gnutls-cli -VV --print-cert -p 636 my-ldap-server.com 2>&1 | egrep 'RSA-MD5|warning'

See no output.  Using "-d 4711" instead of "-VV" doesn't show any problems either.

Download the real GNUtls 2.8.1 and build it and try again:

Run:

/opt/gnutls/bin/gnutls-cli -VV --print-cert -p 636 my-ldap-server.com 2>&1 | egrep 'RSA-MD5|warning'
        Signature Algorithm: RSA-MD5
warning: signed using a broken signature algorithm that can be forged.

Note that the CA cert is secure, it's the LDAP server's cert that was weak.

-Ken

Prev by Date: Re: Virtual List View
Next by Date: slapd-ldap proxy
Index(es):
- Chronological
- Thread