touch-packages team mailing list archive

Thread
Date

[Bug 1532911] Re: [regression] 2.12.23-12ubuntu2.4 breaks sha512 certificates

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Kees Cook <kees@xxxxxxxxxx>
Date: Mon, 11 Jan 2016 21:19:07 -0000
Reply-to: Bug 1532911 <1532911@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Thanks to mdeslaur for finding that the _root_ cert is the problem, not
mine, nor a code problem with gnutls:

http://blog.cacert.org/2015/12/re-signing-root-certificate/

** Changed in: gnutls26 (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnutls26 in Ubuntu.
https://bugs.launchpad.net/bugs/1532911

Title:
  [regression] 2.12.23-12ubuntu2.4 breaks sha512 certificates

Status in gnutls26 package in Ubuntu:
  Invalid

Bug description:
  $ gnutls-cli -p 587 smtp.outflux.net -s --print-cert
  STARTTLS
  ctrl-D
  *** Starting TLS handshake
  *** Fatal error: The signature algorithm is not supported.
  *** Handshake has failed

  This does not happen with 2.12.23-12ubuntu2.3.

  $ echo QUIT | openssl s_client -connect smtp.outflux.net:587 -starttls smtp -showcerts 2>/dev/null | openssl x509 -noout -text
  ...
      Signature Algorithm: sha512WithRSAEncryption
  ...
              Public Key Algorithm: rsaEncryption
  ...

  There's no MD5 visible.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1532911/+subscriptions

References

[Bug 1532911] [NEW] [regression] 2.12.23-12ubuntu2.4 breaks sha512 certificates
From: Kees Cook, 2016-01-11