TLS gmplib.org
Vincent Lefevre
vincent at vinc17.net
Mon Jun 8 11:05:59 UTC 2020
On 2020-06-08 11:31:46 +0200, Torbjorn Granlund wrote:
> Vincent Lefevre <vincent at vinc17.net> writes:
>
> This is mentioned here (in French):
>
> https://news.gandi.net/fr/2020/06/un-certificat-root-a-expire-le-30-mai-2020/
>
> I can see that gmplib.org does not have the right certificate chain.
> It uses the old one:
>
> We removed the expired key. Thanks hello at seby.io for reporting.
>
> (I read the text Vincent pointed me to. It is not very clear.)
This seems to be a combination of 2 issues:
1. The presence of an expired certificate. In Debian, this is
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961907
(fixed a few days ago).
2. The fact that it can be chosen by gnutls even though there exists
a valid certificate chain:
https://gitlab.com/gnutls/gnutls/-/issues/1008
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961889
(fixed in Debian/unstable, but not in stable (buster) yet).
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the gmp-discuss
mailing list