Bug 987550
| Summary: | OCSP responses with MD5withRSA signatures are accepted as secure | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Hubert Kario <hkario> | |
| Component: | openssl | Assignee: | Tomas Mraz <tmraz> | |
| Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 6.4 | CC: | azelinka | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1020341 (view as bug list) | Environment: | ||
| Last Closed: | 2013-11-12 15:43:21 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1020341 | |||
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux. |
Description of problem: openssl ocsp client considers responses signed with MD5withRSA algorithm to be trustworthy Version-Release number of selected component (if applicable): openssl-1.0.0-27.el6.x86_64 How reproducible: Always Steps to Reproduce: 1. Start an OCSP responder with CA certificates, make it sign responses using MD5withRSA 2. Try to verify any certificate signed by this CA Actual results: Response verify OK certs/server_cert.pem: good This Update: Jul 23 15:48:26 2013 GMT Expected results: Response verification failure Additional info: