diff options
| author | Simon Josefsson <simon@josefsson.org> | 2005-11-01 20:36:47 +0000 |
|---|---|---|
| committer | Simon Josefsson <simon@josefsson.org> | 2005-11-01 20:36:47 +0000 |
| commit | 6fcf41bc02596bd72ee7943157a789d93210a171 (patch) | |
| tree | 573e8a094e5578a88246f2e447f6c121a043f12a | |
| parent | 24b248253ce26cf646151ef9710814ad00d3dade (diff) | |
| download | gnutls-6fcf41bc02596bd72ee7943157a789d93210a171.tar.gz | |
Add.
| -rw-r--r-- | doc/signatures.texi | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/doc/signatures.texi b/doc/signatures.texi index 992dbecfa0..0fe86ceb84 100644 --- a/doc/signatures.texi +++ b/doc/signatures.texi @@ -66,4 +66,40 @@ less than brute force. Using the birthday paradox the brute force attack takes @math{2^{hash size \over 2}}operations. Today colliding certificates using the MD5 hash algorithm have been generated as shown in @mybibcite{WEGER}. - +@subsubsection Trading security for interoperability + +If you connect to a server and use GnuTLS' functions to verify the +certificate chain, and get a @ref{GNUTLS_CERT_INSECURE_ALGORITHM} +validation error (@pxref{Verifying X.509 certificate paths}), it means +that somewhere in the certificate chain there is a certificate signed +using @code{RSA-MD2} or @code{RSA-MD5}. These two digital signature +algorithms are considered broken, so GnuTLS fail when attempting to +verify the certificate. In some situations, it may be useful to be +able to verify the certificate chain anyway, assuming an attacker did +not utilize the fact that these signatures algorithms are broken. +This section will give help on how to achieve that. + +First, it is important to know that you do not have to enable any of +the flags discussed here to be able to use trusted root CA +certificates signed using @code{RSA-MD2} or @code{RSA-MD5}. The only +attack today is that it is possible to generate certificates with +colliding signatures; you cannot forge signatures. + +If you are using @ref{gnutls_certificate_verify_peers2} to verify the +certificate chain, you can call +@ref{gnutls_certificate_set_verify_flags} with the +@code{GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2} or +@code{GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5} flag, as in: + +@example + gnutls_certificate_set_verify_flags (x509cred, + GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5); +@end example + +This will tell the verifier algorithm to enable @code{RSA-MD5} when +verifying the certificates. + +If you are using @ref{gnutls_x509_crt_verify} or +@ref{gnutls_x509_crt_list_verify}, you can pass the +@code{GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5} parameter directly in the +@code{flags} parameter. |