On Thu, 06 Jul 2017 03:36:56 +0200 Christian Marillat wrote: > On 06 juil. 2017 00:51, Francesco Poli <invernom...@paranoici.org> wrote: > > > Control: severity -1 grave > > Nothing grave here. Severity set to normal. I use sitecopy everyday > without problem.
You lucky boy! ;-) Could you please help me to become a little bit luckier? > > [...] > > > > On my up-to-date Debian buster box, I am no longer able to update > > websites via webdav over SSL: > > > > $ sitecopy --update MYSITE > > sitecopy: Updating site `MYSITE' (on www.example.org in > > /dav/MYSITE/html-MYSITE/) > > sitecopy: Error: Certificate verification error: signed using insecure > > algorithm > > Sitecopy don't claim to be compliant with any protocols... But the protocol did not change: it's still WebDAV over SSL, as it was when everything was working fine. Something else changed between June, the 22nd and July, the 6th. > > This bug is maybe related to libneon27-gnutls (configration problem) : > > https://bugs.debian.org/530510#117 This bug is old: how can it be related with an issue I only began experiencing during the last 30 days? Please help me to debug the issue: I tried to connect with gnutls-cli (shipped by package gnutls-bin) and obtained the following relevant output: $ gnutls-cli -p 443 www.[...].org Processed 166 CA certificate(s). Resolving 'www.[...].org:443'... Connecting to '[...]:443'... - Certificate type: X.509 - Got a certificate list of 2 certificates. - Certificate[0] info: - subject `CN=[...].org', issuer `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', serial 0x[...], RSA key 2048 bits, signed using RSA-SHA256, activated `2017-06-29 [...] UTC', expires `2017-09-27 [...] UTC', pin-sha256="[...]" Public Key ID: sha1:[...] sha256:[...] Public Key PIN: pin-sha256:[...] Public key's random art: +--[ RSA 2048]----+ [...] +-----------------+ - Certificate[1] info: - subject `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires `2021-03-17 16:40:46 UTC', pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=" - Status: The certificate is trusted. - Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM) - Session ID: [...] - Ephemeral EC Diffie-Hellman parameters - Using curve: SECP256R1 - Curve size: 256 bits - Version: TLS1.2 - Key Exchange: ECDHE-RSA - Server Signature: RSA-SHA512 - Cipher: AES-256-GCM - MAC: AEAD - Compression: NULL - Options: safe renegotiation, - Handshake was completed - Simple Client Mode: - Peer has closed the GnuTLS connection Which is the insecure algorithm used to sign the server certificate? Why does sitecopy complain? Please help me to understand where the problem is. Thanks for your time! -- http://www.inventati.org/frx/ There's not a second to spare! To the laboratory! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
pgpVRkiBHc5t0.pgp
Description: PGP signature
