diff -up gnutls-1.4.1/lib/x509/verify.c.nomd2 gnutls-1.4.1/lib/x509/verify.c
--- gnutls-1.4.1/lib/x509/verify.c.nomd2	2010-02-19 15:34:16.000000000 +0100
+++ gnutls-1.4.1/lib/x509/verify.c	2010-03-03 15:38:39.000000000 +0100
@@ -325,6 +325,8 @@ _gnutls_verify_certificate2 (gnutls_x509
 	{
 	  if (output)
 	    *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
+	  if (sigalg == GNUTLS_SIGN_RSA_MD2) /* we really fail only for MD2 for now */
+	    ret = 0;
 	}
     }
 
@@ -1031,6 +1033,8 @@ _gnutls_verify_crl2 (gnutls_x509_crl_t c
       {
 	if (output)
 	  *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
+        if (sigalg == GNUTLS_SIGN_RSA_MD2) /* we really fail only for MD2 for now */
+	  ret = 0;
       }
   }