severity 579631 wishlist thanks Philipp Kolmann <phil...@kolmann.at> writes:
> Hi, > > I got a new cert for my servers and updated also the certs for exim for TLS. > With dovecot and Apache I never had any issues but exim failed to start tls: > > 2010-04-29 09:43:26 TLS error on connection from xxx.tuwien.ac.at (XXXX) > [128.130.xx.xx] (cert/key setup: cert=/etc/exim4/exim.crt > key=/etc/exim4/exim.k > ey): Base64 decoding error. > > in the end I found out, that the header of the cert has an additional space > after the -----BEGIN CERTIFICATE----- and before the newline. > > gnutls fail then to decode the cert. openssl has no issues with the additinal > blank. Would it be possible to ignore this whitespace in gnutls as well? Hi! Thanks for identifying this, it could explain some similar reports we've seen. However I cannot reproduce this outside of exim, can you? I tried running 'certtool < foo' on a file 'foo' containing: -----BEGIN CERTIFICATE----- MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251 VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2 DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1 tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7 bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1 AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo= -----END CERTIFICATE----- but it worked fine. /Simon -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
