On Sat, Sep 01, 2018 at 06:21:05PM +, Debian Bug Tracking System wrote:
>
> There's no reportbug.debian.org website, so it shouldn't have a SAN on
> 443.
and yet it does exist:
http://reportbug.debian.org/ shows:
Welcome to buxtehude!
This is buxtehude, a system run by and for the Debian
I just checked, and reportbug.debian.org is still offering an invalid
certificate using STARTTLS on port 587 (submission):
$ echo quit|openssl s_client -connect reportbug.debian.org:submission
-starttls smtp -brief
depth=0 C = NA, ST = NA, L = Ankh Morpork, O = Debian SMTP, OU = Debian SMTP
CA,
In addition, the https certificate is still invalid as well:
$ curl -Iv https://reportbug.debian.org
* Rebuilt URL to: https://reportbug.debian.org/
* Trying 209.87.16.39...
* TCP_NODELAY set
* Connected to reportbug.debian.org (209.87.16.39) port 443 (#0)
* ALPN, offering h2
* ALPN, offering
On Fri, 29 Jun 2018, Sandro Tosi wrote:
> > In the changelog for reportbug, it refers to the SMTP server as
> > reportbug.debian.org. However, when connecting to reportbug.debian.org
> > port 587, and using STARTTLS, an invalid certificate is presented.
> >
> > Version: 3 (0x2)
> > Serial
On the other hand, https to bugreport.debian.org (port 443) is nearly
correct:
* Server certificate:
*subject: CN=bugs.debian.org
*start date: 2018-05-05 00:09:24 GMT
*expire date: 2018-08-03 00:09:24 GMT
*subjectAltName does not match reportbug.debian.org
> In the changelog for reportbug, it refers to the SMTP server as
> reportbug.debian.org. However, when connecting to reportbug.debian.org
> port 587, and using STARTTLS, an invalid certificate is presented.
>
> Version: 3 (0x2)
> Serial Number: 3836 (0xefc)
> Signature
Package: reportbug
Version: 7.1.10
Severity: minor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Dear Maintainer,
In the changelog for reportbug, it refers to the SMTP server as
reportbug.debian.org. However, when connecting to reportbug.debian.org
port 587, and using STARTTLS, an invalid
7 matches
Mail list logo
