Red Hat Bugzilla – Bug 987550
OCSP responses with MD5withRSA signatures are accepted as secure
Last modified: 2013-11-12 10:43:21 EST
Description of problem:
The openssl ocsp client considers responses signed with the MD5withRSA algorithm to be trustworthy.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Start an OCSP responder with CA certificates and make it sign responses using MD5withRSA
2. Try to verify any certificate signed by this CA
Actual results:
Response verify OK
This Update: Jul 23 15:48:26 2013 GMT
Expected results:
Response verification failure
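A client-side policy check for the behaviour reported above, as an added example that is not part of the bug report or of OpenSSL: it reads the `signatureAlgorithm` of a DER-encoded OCSP response (RFC 6960 layout) and refuses MD5withRSA. All function names are hypothetical, the sample responses are constructed skeletons with dummy signature bytes, and the check complements signature verification rather than replacing it.

```python
# Added example: reject OCSP responses signed with MD5 (structure per RFC 6960).
WEAK = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption"}
OCSP_BASIC = "1.3.6.1.5.5.7.48.1.1"  # id-pkix-ocsp-basic

def read_tlv(buf, pos=0):  # -> (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed element's contents into (tag, value)
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def oid(raw):  # decodes OIDs whose first arc is 0 or 1 (true for those used here)
    arcs, n = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        n = (n << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def signature_oid(der):  # OCSPResponse -> responseBytes -> BasicOCSPResponse
    top = children(read_tlv(der)[1])  # [responseStatus, [0] responseBytes]
    if len(top) < 2 or top[1][0] != 0xA0:
        raise ValueError("no responseBytes (status is not 'successful')")
    rtype, body = children(children(top[1][1])[0][1])
    if oid(rtype[1]) != OCSP_BASIC:
        raise ValueError("not a BasicOCSPResponse")
    basic = children(read_tlv(body[1])[1])  # [tbsResponseData, sigAlg, sig, ...]
    return oid(children(basic[1][1])[0][1])

def acceptable(der):
    return signature_oid(der) not in WEAK  # False for an MD5withRSA response

def tlv(tag, value):  # sample-only encoder: every element here is < 128 bytes
    return bytes([tag, len(value)]) + value
def sample(sig_oid_hex):  # constructed skeleton: correct nesting, dummy signature
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(sig_oid_hex)) + b"\x05\x00")
    basic = tlv(0x30, tlv(0x30, b"") + alg + tlv(0x03, b"\x00" + b"\xAA" * 8))
    rb = tlv(0x30, tlv(0x06, bytes.fromhex("2b0601050507300101")) + tlv(0x04, basic))
    return tlv(0x30, tlv(0x0A, b"\x00") + tlv(0xA0, rb))
```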
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.