Your message dated Thu, 10 Nov 2011 15:55:52 +0000
with message-id <1320940552.27160.1.camel@leela>
and subject line Fixed a while ago
has caused the Debian Bug report #563127,
regarding gnutls-bin: Can no longer verify connections to my company's email
server
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
563127: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563127
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gnutls-bin
Version: 2.8.5-2
Severity: important
Today, Evolution stopped being able to connect to my company's email
server, claiming that the SSL certificate was bad. Thunderbird does not
have that problem, but while debugging the issue I found that gnutls-cli
does too.
I've kept the actual server details out of this public bug report;
please tell me what email address I can mail them to if you want to
debug the issue on your end.
$ gnutls-cli --x509cafile /etc/ssl/certs/Go_Daddy_Class_2_CA.pem --starttls -p
imap imap.example.com
Processed 1 CA certificate(s).
Resolving 'imap.example.com'...
Connecting to '192.0.2.1:143'...
- Simple Client Mode:
* OK [CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT
LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS QUOTA STARTTLS LOGINDISABLED]
Dovecot ready.
a STARTTLS
a OK Begin TLS negotiation now.
*** Starting TLS handshake
- Ephemeral Diffie-Hellman parameters
- Using prime: 1024 bits
- Secret key: 1023 bits
- Peer's public key: 1020 bits
- Certificate type: X.509
- Got a certificate list of 4 certificates.
- Certificate[0] info:
- subject `O=*.example.com,OU=Domain Control Validated,CN=*.example.com',
issuer `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\,
Inc.,OU=http://certificates.godaddy.com/repository,CN=Go Daddy Secure
Certification Authority,serialNumber=88888888', RSA key 2048 bits, signed using
RSA-SHA, activated `2009-04-21 10:59:00 UTC', expires `2010-04-30 15:52:40
UTC', SHA-1 fingerprint `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
- Certificate[1] info:
- subject `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\,
Inc.,OU=http://certificates.godaddy.com/repository,CN=Go Daddy Secure
Certification Authority,serialNumber=07969287', issuer `C=US,O=The Go Daddy
Group\, Inc.,OU=Go Daddy Class 2 Certification Authority', RSA key 2048 bits,
signed using RSA-SHA, activated `2006-11-16 01:54:37 UTC', expires `2026-11-16
01:54:37 UTC', SHA-1 fingerprint `7c4656c3061f7f4c0d67b319a855f60ebc11fc44'
- Certificate[2] info:
- subject `C=US,O=The Go Daddy Group\, Inc.,OU=Go Daddy Class 2 Certification
Authority', issuer `L=ValiCert Validation Network,O=ValiCert\, Inc.,OU=ValiCert
Class 2 Policy Validation
Authority,CN=http://www.valicert.com/,[email protected]', RSA key 2048
bits, signed using RSA-SHA, activated `2004-06-29 17:06:20 UTC', expires
`2024-06-29 17:06:20 UTC', SHA-1 fingerprint
`de70f4e2116f7fdce75f9d13012b7e687a3b2c62'
- Certificate[3] info:
- subject `L=ValiCert Validation Network,O=ValiCert\, Inc.,OU=ValiCert Class
2 Policy Validation
Authority,CN=http://www.valicert.com/,[email protected]', issuer
`L=ValiCert Validation Network,O=ValiCert\, Inc.,OU=ValiCert Class 2 Policy
Validation Authority,CN=http://www.valicert.com/,[email protected]', RSA
key 1024 bits, signed using RSA-SHA, activated `1999-06-26 00:19:54 UTC',
expires `2019-06-26 00:19:54 UTC', SHA-1 fingerprint
`317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca6'
- The hostname in the certificate matches 'imap.example.com'.
- Peer's certificate issuer is not a CA
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
*** Verifying server certificate failed...
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (530, 'testing'), (520, 'unstable'), (400, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages gnutls-bin depends on:
ii libc6 2.10.2-2 GNU C Library: Shared libraries
ii libgcrypt11 1.4.4-6 LGPL Crypto library - runtime libr
ii libgnutls26 2.8.5-2 the GNU TLS library - runtime libr
ii libreadline6 6.0-5 GNU readline and history libraries
ii libtasn1-3 2.3-1 Manage ASN.1 structures (runtime)
ii zlib1g 1:1.2.3.3.dfsg-15 compression library - runtime
gnutls-bin recommends no packages.
gnutls-bin suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
version: 2.12.2-1
Sorry for not updating this sooner. The problem seems to be resovled in
squeeze (but not in lenny).
Regards,
--
Sam Morris <[email protected]>
--- End Message ---
