Your message dated Fri, 02 Jan 2015 12:40:16 +0000
with message-id <[email protected]>
and subject line Bug#767610: Removed package(s) from unstable
has caused the Debian Bug report #481132,
regarding libgnutls26: should use EDH only if server cert supports it
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
481132: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481132
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libgnutls26
Version: 2.2.3-1
Severity: important
I regenerated my SSL certificates today (due to the security advisory)
and mutt now refuses to connect to my SMTP server with STARTTLS. This
is obviously unsuitable.
Using cyrus-clients-2.3's smtptest (which uses OpenSSL) does not object
to the certificate. You can find the old certificate, which worked
fine, at
http://crustytoothpaste.ath.cx/cgi-bin/pyca/view-cert.py/ServerCerts/server?18
. I generated them exactly the same way, and they appear to have
exactly the same extensions. The MTA is sendmail, which uses OpenSSL.
Feel free to test against my machine if you want.
Transcript of session:
lakeview ok % gnutls-cli -p 587 -s crustytoothpaste.ath.cx
Resolving 'crustytoothpaste.ath.cx'...
Connecting to '172.16.0.1:587'...
- Simple Client Mode:
220 crustytoothpaste.ath.cx ESMTP spoken here
EHLO lakeview.crustytoothpaste.ath.cx
250-crustytoothpaste.ath.cx Hello [172.16.3.249], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 15000000
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
STARTTLS
220 2.0.0 Ready to start TLS
*** Starting TLS handshake
*** Fatal error: Key usage violation in certificate has been detected.
*** Handshake has failed
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.25-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libgnutls26 depends on:
ii libc6 2.7-11 GNU C Library: Shared libraries
ii libgcrypt11 1.4.1-1 LGPL Crypto library - runtime libr
ii libgpg-error0 1.4-2 library for common error values an
ii libopencdk10 0.6.6-1 Open Crypto Development Kit (OpenC
ii libtasn1-3 1.4-1 Manage ASN.1 structures (runtime)
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
libgnutls26 recommends no packages.
-- no debconf information
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Version: 2.12.23-17+rm
Dear submitter,
as the package gnutls26 has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/767610
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---
