On Fri, 31 Dec 2010 05:40:31 +0300 sergio <mail...@sergio.spb.ru> wrote:
> On 12/31/2010 03:18 AM, Ricardo Mones wrote: > > > That seems fine, and is the default configuration, but you referred > > to a "Debian CAcert root certificate", which is not among these (there's > > a debconf one and a SPI one, but no certificate called "Debian" exists). > Sorry, I haven't understood. I'm talking about CAcert. It is free > certificate authority, and their root certificate comes in o > ca-certificates. And have my server, with certificate signed by CAcert. > > % openssl x509 -text -in /etc/ssl/certs/cacert.org.pem > ... > Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing > Authority/emailaddress=supp...@cacert.org > Validity > Not Before: Mar 30 12:29:49 2003 GMT > Not After : Mar 29 12:29:49 2033 GMT > Subject: O=Root CA, OU=http://www.cacert.org, CN=CA Cert > Signing Authority/emailaddress=supp...@cacert.org > ... Right, but that's not "Debian CAcert", which was my point and the bit which was misleading me. > I'm absolutely sure that this is claws-mail bug, because all other > programs works well. (mutt, icedove, iceweasel, psi, gajim, gaim and > many other). If ca-certificates not installed, all this programs (except > of mozilla) shows ssl warning. If ca-certificates installed all this > programs trust my server. There's probably a lot of users (me among them) which use claws-mail with SSL everyday, so I'm also absolutely sure claws-mail has no bug here, but it's a problem with your configuration or your expectations :) > > In any case, once you're sure the certificate is correctly installed > > and trusted, please launch "claws-mail --debug> debug.log 2>&1"... > I don't think, that all log is interested. Of course, but I don't know you, so I don't know if you can separate the interesting parts from the uninteresting ones. Glad to know you can. > I've substituted path to home and my imap server with $HOME and $SERVER > Folder $HOME/.claws-mail/certs doesn't exists. This is where client certificates are stored. > ... > [05:04:22] IMAP4> 1 STARTTLS > [05:04:22] IMAP4< 1 OK Begin TLS negotiation now > imap-thread.c:1174:imap starttls run - end 0 > imap-thread.c:403:generic_cb > imap-thread.c:1217:imap starttls - end > ssl_certificate.c:433:didn't get $HOME/.claws-mail/certs/$SERVER.143.cert > ssl_certificate.c:571:got 142 certs in ca_list! 0xff8890ac > ssl_certificate.c:571:got 142 certs in ca_list! 0xff888edc > ... > > I've just reread warning, that claws shows, it's strange: Why is strange? You don't have installed the client certificate under ~/.claws-mail/certs for your server so it has to download it and ask you for verification. If it's correct you should accept it. Did you? > Unknown SSL Certificate > Certificate for equator.ru.net is unknown. > Do you want to accept it? > Signature status: Correct > View certificate > Owner > Name: equator.ru.net > Organization: <not in certificate> > Location: <not in certificate> > > Signer > Name: CA Cert Signing Authority > Organization: Root CA > Location: <not in certificate> > > Status > Fingerprint: MD5: <md5hash> > SHA1: <sha1hash> > Signature Status: Correct > Expires on: 11/03/18(Fri) 20:59 > > -- > sergio. regards, -- Ricardo Mones http://people.debian.org/~mones «Abandon the search for Truth; settle for a good fantasy.»
signature.asc
Description: PGP signature