author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2005-03-04 21:28:17 +0000 |
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2005-03-04 21:28:17 +0000 |
commit | 80cb1ad7493cf163f92de2f234fef219bc953953 (patch) | |
tree | 6330dc9603ab7482c4bf42d1a701783549e57f99 /src | |
parent | 8e5bce300cd9bcbba989fbc317f5c42ad8a74013 (diff) | |
download | gnutls-80cb1ad7493cf163f92de2f234fef219bc953953.tar.gz |
added warning when MD5 is being used.
Diffstat (limited to 'src')
-rw-r--r-- | src/certtool.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/certtool.c b/src/certtool.c
index 0a777fbde9..5c147aed6a 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1,7 +1,7 @@
 /*
+ * Copyright (C) 2004,2005 Free Software Foundation
  * Copyright (C) 2004 Simon Josefsson
  * Copyright (C) 2003 Nikos Mavroyanopoulos
- * Copyright (C) 2004 Free Software Foundation
  *
  * This file is part of GNUTLS.
  *
@@ -809,9 +809,10 @@ void gaa_parser(int argc, char **argv)
 out_cert_format = GNUTLS_X509_FMT_PEM;
 if (info.hash!=NULL) {
-if (strcasecmp(info.hash, "md5")==0)
+if (strcasecmp(info.hash, "md5")==0) {
+fprintf(stderr, "Warning: MD5 is broken, and should not be used any more for digital signatures.\n");
 dig = GNUTLS_DIG_MD5;
-else if (strcasecmp(info.hash, "sha1")==0)
+} else if (strcasecmp(info.hash, "sha1")==0)
 dig = GNUTLS_DIG_SHA;
 else if (strcasecmp(info.hash, "rmd160")==0)
 dig = GNUTLS_DIG_RMD160;
@@ -1030,6 +1031,9 @@ static void print_certificate_info(gnutls_x509_crt crt, FILE * out,
 if (cprint == NULL)
 cprint = UNKNOWN;
 fprintf(out, "%s\n", cprint);
+if (ret == GNUTLS_SIGN_RSA_MD5 || ret == GNUTLS_SIGN_RSA_MD2) {
+fprintf(stderr, "Warning: certificate uses a broken signature algorithm that can be forged.\n");
+}
 }
 /* Validity
@@ -1316,7 +1320,7 @@ static void print_certificate_info(gnutls_x509_crt crt, FILE * out,
 if (all) {
 size = sizeof(buffer);
 if ((ret =
-gnutls_x509_crt_get_fingerprint(crt, GNUTLS_DIG_MD5, buffer,
+gnutls_x509_crt_get_fingerprint(crt, GNUTLS_DIG_SHA, buffer,
 &size)) < 0) {
 fprintf(out, "Error in fingerprint calculation: %s\n",
 gnutls_strerror(ret));
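Review bot: The braces added around the md5 branch in gaa_parser leave the sha1 and rmd160 arms unbraced, so the `if`/`else if` ladder now mixes braced and unbraced arms and a later edit that adds a second statement to one of the other arms will silently land outside the conditional. Bracing every arm keeps the shape uniform: `} else if (strcasecmp(info.hash, "sha1")==0) {`, `dig = GNUTLS_DIG_SHA;`, `} else if (strcasecmp(info.hash, "rmd160")==0) {`. The new warning only informs; MD5 is still accepted, which is presumably deliberate for interoperability and is worth stating next to the fprintf, e.g. `/* MD5 is still accepted for interoperability; warn rather than refuse */`. gaa_parser starts before the hunk and the chain appears to continue after it.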
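Review bot: The new check in print_certificate_info is keyed on `ret`, the signature-algorithm value obtained earlier in the function outside this hunk, and it fires for every certificate printed, including a self-signed trust anchor whose own signature is not what secures it; that is an acceptable default but deserves a comment so the next reader does not narrow it without thinking. Suggested comment above the new `if`: `/* MD2/MD5 are collision-prone, so a signature over them can be transferred to a forged certificate; warn even for self-signed roots. */`. Note also that the warning goes to stderr while the certificate text goes to `out`, so a caller writing `out` to a file still sees it on the terminal, which looks intended. If `ret` is a negative error code the comparison simply fails and no warning is printed, which is fine since the earlier UNKNOWN path already covers that case.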
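Review bot: Switching the fingerprint digest from GNUTLS_DIG_MD5 to GNUTLS_DIG_SHA changes the digest length from 16 to 20 bytes, and since `size` is passed by reference and updated by gnutls_x509_crt_get_fingerprint, any code after this hunk that prints the fingerprint must iterate over `size` rather than a hard-coded 16, and any label that still says MD5 must be renamed; the rest of print_certificate_info is outside the hunk so this cannot be confirmed here. A one-line comment on the call would make the dependency explicit: `/* SHA-1 fingerprint is 20 bytes; the library updates size to the actual length */`. `buffer` must now hold at least 20 bytes; because sizeof(buffer) is passed in, a too-small buffer should surface as a negative return on the existing error path rather than an overflow, which is presumably why the change is safe.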