Package: libneon27-gnutls
Version: 0.30.2-2
Severity: normal
Dear Maintainer,
I am using sitecopy for very long to push my modification on my website
through WebDAV/SSL and everything was well until a few months ago.
Then, sitecopy started to refuse to write on the remote server issuing
the following error statement:
Certificate verification error: signed using insecure algorithm
After a few research in the code of sitecopy, I manage to focus a bit
more on the origin of the problem. Here is an excerpt of an ltrace from
an erroneous run on sitecopy:
=================================================================
fopen("/home/fleury/.sitecopy/homepage."..., "w") = 0x5cf417a230
ne_session_create(0x5cf3d1907b, 0x5cf415ba70, 443, 0x7f17310904a0) =
0x5cf417bb60
ne_has_support(1, 0x5cf3d19081, 0x70747468, 0x737074) = 1
access("/home/fleury/.sitecopy/homepage."..., 4) = 0
ne_ssl_cert_read(0x5cf4179e90, 4, 0x70747468, 0x7f1731090777) = 0x5cf41e1930
ne_ssl_set_verify(0x5cf417bb60, 0x5cf3d149a0, 0x5cf4179cb0, 0) =
0x5cf41e1930
ne_set_notifier(0x5cf417bb60, 0x5cf3d14950, 0, 0) = 0x5cf41e1930
ne_set_useragent(0x5cf417bb60, 0x5cf3d19081, 0, 0) = 0x5cf4178ccb
ne_set_server_auth(0x5cf417bb60, 0x5cf3d14a40, 0x5cf4179cc0,
0x2e302f6e6f656e20) = 0
ne_path_escape(0x5cf415c5d0, 0, 0x5cf41e7480, 0x7f173134cb00) = 0x5cf4165950
ne_options(0x5cf417bb60, 0x5cf4165950, 0x7fffccdb28a0,
0x662f6f737265702f) = 1
free(0x5cf4165950) = <void>
ne_get_error(0x5cf417bb60, 1, 0xfffffff9, 0) = 0x5cf417bcd8
ne_strdup(0x5cf417bcd8, 1, 0xfffffff9, 0) = 0x5cf43a3890
ne_get_error(0x5cf417bb60, 0x5cf417bb60, 0x6d687469726f67,
0x6e6f697461636966) = 0x5cf417bcd8
ne_strdup(0x5cf417bcd8, 0x5cf417bb60, 0x6d687469726f67,
0x6e6f697461636966) = 0x5cf43a38e0
ne_session_destroy(0x5cf417bb60, 0x5cf417bd18, 0x6d687469726f67,
0x6e6f697461636966) = 1
dcgettext(0, 0x5cf3d1952f, 5, 0x5cf3d1b328) = 0x5cf3d1952f
__printf_chk(1, 0x5cf3d1952f, 0x7fffccdb33eb, 0x5cf43a38e0) = 81
__snprintf_chk(0x7fffccdb1a20, 4096, 1, 4096) = 39
fwrite("<?xml version="1.0" encoding="IS"..., 1, 44, 0x5cf417a230) = 44
fwrite("<sitestate version='1.0'>\n", 1, 26, 0x5cf417a230) = 26
=================================================================
The error start to appear around the call to ne_ssl_set_verify().
In fact, I looked at other tools to update my website and got similar
problem when trying to access the WebDAVs file-system. For example, the
tool fuserdav was issuing the exact same error:
=================================================================
$ fusedav https://webdav.labri.fr/ mountpoint_dir/
PROPFIND failed: Certificate verification error: signed using insecure
algorithm
PROPFIND failed: Certificate verification error: signed using insecure
algorithm
... last message repeated again and again ...
=================================================================
Yet, the certificate of the web server seems to be okay when checked
with gnutls-cli:
=================================================================
$ gnutls-cli --ca-verification --verbose www.labri.fr
Processed 148 CA certificate(s).
Resolving 'www.labri.fr:443'...
Connecting to '2001:660:6101:404::80:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- X.509 Certificate Information:
Version: 3
Serial Number (hex): 0156904be054caf74df8e4e5a488d01a
Issuer: CN=TERENA SSL CA 3,O=TERENA,L=Amsterdam,ST=Noord-Holland,C=NL
Validity:
Not Before: Tue Jun 07 00:00:00 UTC 2016
Not After: Wed Jun 12 12:00:00 UTC 2019
Subject: CN=*.labri.fr,O=Direction des Systèmes
d'Information,L=Pessac,ST=Aquitaine,C=FR
Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
Modulus (bits 2048):
00:c9:b4:82:26:c5:12:74:c8:d1:f1:c6:e5:f5:d2:1e
04:7d:87:7d:4d:8d:8d:8a:4f:bd:00:0a:e6:dc:54:4b
db:9b:d5:63:31:ab:e3:01:78:75:ce:ea:c5:f5:ad:03
8f:38:d3:92:a0:e6:91:6f:6e:ee:9d:65:45:87:ee:ab
69:b3:d6:21:a7:c4:2b:bb:35:e7:76:f8:73:76:57:75
59:1a:25:f8:19:40:0c:98:3f:08:4c:f9:1b:e8:58:a9
68:b3:f7:a3:a0:24:65:3d:6b:92:6e:cb:22:c7:d6:01
0a:60:ea:d6:35:f4:fc:31:77:36:4b:4f:05:d1:6f:97
b7:00:f6:d2:9e:4e:ec:d7:65:0e:00:38:e5:b8:69:39
1c:45:4f:43:0f:3e:bf:3f:8d:36:47:22:44:96:65:7d
6b:73:37:6a:a4:73:d6:be:ec:90:22:df:fe:98:fb:3a
11:96:87:3f:81:ec:a4:e1:2c:0f:ed:76:5e:12:9a:aa
c6:e7:af:48:52:e7:be:bb:f7:97:09:c8:3f:1e:38:63
d6:8e:d3:b3:f5:aa:b6:3a:2d:d7:fd:f5:de:74:45:1b
4b:69:65:fa:81:a9:60:2a:a6:4a:36:ad:ab:b3:9c:24
17:65:3e:dc:8a:e9:c0:c1:73:d7:22:63:12:60:94:37
9f
Exponent (bits 24):
01:00:01
Extensions:
Authority Key Identifier (not critical):
67fd8820142798c709d22519bbe9511163755062
Subject Key Identifier (not critical):
3deee41c1bc325699244fe400cff7f77647a69e2
Subject Alternative Name (not critical):
DNSname: *.labri.fr
DNSname: labri.fr
Key Usage (critical):
Digital signature.
Key encipherment.
Key Purpose (not critical):
TLS WWW Server.
TLS WWW Client.
CRL Distribution points (not critical):
URI: http://crl3.digicert.com/TERENASSLCA3.crl
URI: http://crl4.digicert.com/TERENASSLCA3.crl
Certificate Policies (not critical):
2.16.840.1.114412.1.1
URI: https://www.digicert.com/CPS
2.23.140.1.2.2
Authority Information Access (not critical):
Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
Access Location URI: http://ocsp.digicert.com
Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
Access Location URI:
http://cacerts.digicert.com/TERENASSLCA3.crt
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Signature Algorithm: RSA-SHA256
Signature:
8f:9f:d4:7c:4d:51:9c:f4:d4:b8:43:9e:cf:6e:89:47
f5:c8:20:8f:73:02:b2:eb:99:53:ac:9f:8b:31:63:a8
7f:67:58:40:3c:98:84:0b:84:16:82:00:6a:a9:64:01
94:ef:81:28:0d:45:61:b7:19:01:86:25:3c:52:c8:e2
26:25:f1:08:34:9d:34:f3:be:11:aa:38:8c:f5:7e:58
03:cf:2e:7e:09:73:94:86:3f:9e:1b:49:5e:10:43:64
5c:92:d6:62:15:3f:69:ed:4a:41:a3:69:91:3a:bb:5e
fd:1d:52:fd:47:38:79:f0:c1:48:d7:f3:9e:6a:87:b4
77:ae:2f:39:82:2e:71:76:1d:12:59:95:65:73:d0:c0
c4:0d:4a:5c:52:1c:ff:14:73:e3:a2:28:ba:54:77:1d
1d:0d:de:5e:1c:de:53:4d:a7:98:b4:4a:ca:ef:99:27
18:5f:63:e6:29:8c:54:90:72:f5:52:ea:2d:13:90:0d
f9:f2:96:34:ea:70:6a:c9:8c:0a:80:7a:24:7d:8c:5b
b8:fd:43:19:17:18:ab:9b:2e:e6:69:c9:da:bc:82:4e
64:b5:7b:b5:6c:bd:ba:76:58:1f:20:46:08:96:ee:9c
ac:b3:f6:da:ae:d0:60:eb:4f:88:ee:90:14:cd:84:ae
Other Information:
Fingerprint:
sha1:bb3d2b468575afad8e7b87a082a7eb0d44ece22c
sha256:be778cfda353b61600168e4eb7c018a6b48991eed293b90cf1fb967d69436ce2
Public Key ID:
sha1:046c505e0de1a21a90b2a957b0e42685b7867d9d
sha256:8af02140b526b62badac883b4607854c77f03ed7b565af5b934fbabb62f9cacc
Public Key PIN:
pin-sha256:ivAhQLUmtiutrIg7RgeFTHfwPte1Za9bk0+6u2L5ysw=
Public key's random art:
+--[ RSA 2048]----+
| .+o ++ |
| o .o+ . |
|= = .o o |
|.@ + o + |
|= O + E S |
|.+ = |
|. o |
| . |
| |
+-----------------+
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgIQAVaQS+BUyvdN+OTlpIjQGjANBgkqhkiG9w0BAQsFADBk
MQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJ
QW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wg
Q0EgMzAeFw0xNjA2MDcwMDAwMDBaFw0xOTA2MTIxMjAwMDBaMHcxCzAJBgNVBAYT
AkZSMRIwEAYDVQQIEwlBcXVpdGFpbmUxDzANBgNVBAcTBlBlc3NhYzEuMCwGA1UE
CgwlRGlyZWN0aW9uIGRlcyBTeXN0w6htZXMgZCdJbmZvcm1hdGlvbjETMBEGA1UE
AwwKKi5sYWJyaS5mcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMm0
gibFEnTI0fHG5fXSHgR9h31NjY2KT70ACubcVEvbm9VjMavjAXh1zurF9a0DjzjT
kqDmkW9u7p1lRYfuq2mz1iGnxCu7Ned2+HN2V3VZGiX4GUAMmD8ITPkb6FipaLP3
o6AkZT1rkm7LIsfWAQpg6tY19PwxdzZLTwXRb5e3APbSnk7s12UOADjluGk5HEVP
Qw8+vz+NNkciRJZlfWtzN2qkc9a+7JAi3/6Y+zoRloc/geyk4SwP7XZeEpqqxuev
SFLnvrv3lwnIPx44Y9aO07P1qrY6Ldf99d50RRtLaWX6galgKqZKNq2rs5wkF2U+
3IrpwMFz1yJjEmCUN58CAwEAAaOCAc0wggHJMB8GA1UdIwQYMBaAFGf9iCAUJ5jH
CdIlGbvpURFjdVBiMB0GA1UdDgQWBBQ97uQcG8MlaZJE/kAM/393ZHpp4jAfBgNV
HREEGDAWggoqLmxhYnJpLmZygghsYWJyaS5mcjAOBgNVHQ8BAf8EBAMCBaAwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0
dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xDQTMuY3JsMC+gLaArhilo
dHRwOi8vY3JsNC5kaWdpY2VydC5jb20vVEVSRU5BU1NMQ0EzLmNybDBMBgNVHSAE
RTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdp
Y2VydC5jb20vQ1BTMAgGBmeBDAECAjBuBggrBgEFBQcBAQRiMGAwJAYIKwYBBQUH
MAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTA4BggrBgEFBQcwAoYsaHR0cDov
L2NhY2VydHMuZGlnaWNlcnQuY29tL1RFUkVOQVNTTENBMy5jcnQwDAYDVR0TAQH/
BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAj5/UfE1RnPTUuEOez26JR/XIII9zArLr
mVOsn4sxY6h/Z1hAPJiEC4QWggBqqWQBlO+BKA1FYbcZAYYlPFLI4iYl8Qg0nTTz
vhGqOIz1flgDzy5+CXOUhj+eG0leEENkXJLWYhU/ae1KQaNpkTq7Xv0dUv1HOHnw
wUjX855qh7R3ri85gi5xdh0SWZVlc9DAxA1KXFIc/xRz46IoulR3HR0N3l4c3lNN
p5i0SsrvmScYX2PmKYxUkHL1UuotE5AN+fKWNOpwasmMCoB6JH2MW7j9QxkXGKub
LuZpydq8gk5ktXu1bL26dlgfIEYIlu6crLP22q7QYOtPiO6QFM2Erg==
-----END CERTIFICATE-----
- Certificate[1] info:
- X.509 Certificate Information:
Version: 3
Serial Number (hex): 0870bcc5af3fdb959a91cb6aeeefe465
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert
Inc,C=US
Validity:
Not Before: Tue Nov 18 12:00:00 UTC 2014
Not After: Mon Nov 18 12:00:00 UTC 2024
Subject: CN=TERENA SSL CA 3,O=TERENA,L=Amsterdam,ST=Noord-Holland,C=NL
Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
Modulus (bits 2048):
00:c5:76:0f:0f:d9:43:29:3b:6c:6d:d1:47:ad:de:10
bf:23:c2:78:a8:4a:77:35:f1:23:5b:e0:4c:1e:41:e7
c2:31:00:bd:88:37:45:75:dd:b9:02:10:80:1e:8f:ed
64:23:04:45:a7:a0:39:3b:81:4d:cf:63:3f:c2:49:ff
22:9e:88:b0:d2:96:b9:5c:8a:74:1f:92:2a:2a:f2:12
c8:b7:68:54:b5:58:41:81:40:68:06:1a:4f:85:29:fb
b5:4d:3c:0f:4f:3f:40:96:1b:ce:a8:cc:5e:35:ff:64
98:f5:75:dd:74:54:05:a0:36:11:04:12:24:55:63:ef
94:77:2e:77:f1:15:76:ee:d3:a4:59:45:21:9f:a8:be
d1:27:ed:0a:e8:ab:38:ca:3f:87:d1:da:f1:8f:b9:0b
1f:44:e7:e0:ad:f3:95:c2:16:4d:ec:84:a3:3a:92:d4
cf:c6:7d:e6:bd:cb:1a:40:4f:b3:54:b1:f3:8f:6f:0d
1e:e3:be:49:a3:56:e4:07:bc:8d:a7:ce:1d:b0:5b:57
56:d1:c4:1c:fc:98:65:d1:cd:46:2f:91:94:bf:45:85
49:f8:6d:52:87:1c:02:56:01:27:16:ab:72:2e:f4:71
e4:61:b5:20:a0:fa:26:69:6a:0a:f1:ab:9f:6d:b7:cf
25
Exponent (bits 24):
01:00:01
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): TRUE
Path Length Constraint: 0
Key Usage (critical):
Digital signature.
Certificate signing.
CRL signing.
Authority Information Access (not critical):
Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
Access Location URI: http://ocsp.digicert.com
Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
Access Location URI:
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
CRL Distribution points (not critical):
URI:
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
URI:
http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl
Certificate Policies (not critical):
2.5.29.32.0
URI: https://www.digicert.com/CPS
Subject Key Identifier (not critical):
67fd8820142798c709d22519bbe9511163755062
Authority Key Identifier (not critical):
45eba2aff492cb82312d518ba7a7219df36dc80f
Signature Algorithm: RSA-SHA256
Signature:
a9:28:35:7a:c4:7b:d6:da:27:1e:ac:98:cf:27:36:4f
11:32:74:74:e6:40:dd:1d:cd:f2:68:77:35:af:b3:8c
5d:c6:04:bf:15:f4:23:67:8b:b9:6f:97:04:eb:46:9d
c2:cd:c9:d1:a4:ae:81:2e:c9:ba:b1:e8:80:d0:1c:c9
39:c1:56:76:59:6c:9c:7d:e3:a9:f0:d3:d1:34:d8:3c
49:59:8b:1a:98:ce:bf:c6:f2:d8:30:35:ff:e9:6f:5d
a0:af:3a:ee:66:53:ae:aa:8c:69:c8:be:9a:a7:a0:7b
d8:82:4b:33:13:c8:07:f3:77:d7:f3:64:cd:9e:63:f9
42:27:53:ae:10:33:89:72:37:15:f1:be:f7:1e:35:a2
ce:c3:2d:f2:d7:b2:e6:0b:c7:69:c0:e5:1f:5f:7c:69
9b:7e:ce:26:1a:33:44:c3:ba:77:05:3b:ba:5d:3f:41
89:fa:16:3b:ee:04:6e:5b:ac:56:4b:ef:8c:70:f2:4a
7b:57:bd:19:6e:8b:36:07:54:26:2d:86:09:94:1f:5f
37:ab:f0:23:3f:8f:2c:5f:96:9e:47:71:a8:44:de:a9
b9:85:2f:b5:34:60:a5:5f:09:a0:9a:43:1d:d4:bf:2d
44:d6:8d:da:fd:75:cb:5f:16:a0:0e:61:c2:70:3d:36
Other Information:
Fingerprint:
sha1:77b99bb2bd7522e17ec099ea7177516f27787cad
sha256:beb8efe9b1a73c841b375a90e5fff8048848e3a2af66f6c4dd7b938d6fe8c5d8
Public Key ID:
sha1:5e5da582aef1b874badb5e21063d90a1d6c64810
sha256:f3ae75c0490c907e5fb6268ba79ee8aa6c772874c5cc3829ed97895d1d13a01b
Public Key PIN:
pin-sha256:8651wEkMkH5ftiaLp57oqmx3KHTFzDgp7ZeJXR0ToBs=
Public key's random art:
+--[ RSA 2048]----+
| Eo. oo .|
| . =.o . o |
| + = + . o |
| . . o o o |
| S = o |
| . B . . |
| = o . |
| . = . |
| =+o |
+-----------------+
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIQCHC8xa8/25Wakctq7u/kZTANBgkqhkiG9w0BAQsFADBl
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
b3QgQ0EwHhcNMTQxMTE4MTIwMDAwWhcNMjQxMTE4MTIwMDAwWjBkMQswCQYDVQQG
EwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFt
MQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMV2Dw/ZQyk7bG3RR63eEL8jwnio
Snc18SNb4EweQefCMQC9iDdFdd25AhCAHo/tZCMERaegOTuBTc9jP8JJ/yKeiLDS
lrlcinQfkioq8hLIt2hUtVhBgUBoBhpPhSn7tU08D08/QJYbzqjMXjX/ZJj1dd10
VAWgNhEEEiRVY++Udy538RV27tOkWUUhn6i+0SftCuirOMo/h9Ha8Y+5Cx9E5+Ct
85XCFk3shKM6ktTPxn3mvcsaQE+zVLHzj28NHuO+SaNW5Ae8jafOHbBbV1bRxBz8
mGXRzUYvkZS/RYVJ+G1ShxwCVgEnFqtyLvRx5GG1IKD6JmlqCvGrn223zyUCAwEA
AaOCAaYwggGiMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMHkG
CCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu
Y29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln
aUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4MDqgOKA2hjRodHRw
Oi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3Js
MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
SURSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxo
dHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBRn/YggFCeYxwnS
JRm76VERY3VQYjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq
hkiG9w0BAQsFAAOCAQEAqSg1esR71tonHqyYzyc2TxEydHTmQN0dzfJodzWvs4xd
xgS/FfQjZ4u5b5cE60adws3J0aSugS7JurHogNAcyTnBVnZZbJx946nw09E02DxJ
WYsamM6/xvLYMDX/6W9doK867mZTrqqMaci+mqege9iCSzMTyAfzd9fzZM2eY/lC
J1OuEDOJcjcV8b73HjWizsMt8tey5gvHacDlH198aZt+ziYaM0TDuncFO7pdP0GJ
+hY77gRuW6xWS++McPJKe1e9GW6LNgdUJi2GCZQfXzer8CM/jyxflp5HcahE3qm5
hS+1NGClXwmgmkMd1L8tRNaN2v11y18WoA5hwnA9Ng==
-----END CERTIFICATE-----
- Status: The certificate is trusted.
- Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM)
- Session ID:
2C:E3:09:15:22:D0:55:05:5C:7C:A3:B9:36:4A:8B:47:05:43:55:45:56:1E:07:A4:70:5B:98:C9:FA:D9:AC:DE
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA256
- Cipher: AES-256-GCM
- MAC: AEAD
- Compression: NULL
- Options: safe renegotiation, OCSP status request,
- Channel binding 'tls-unique': 6f4f3989dc9066832dcb4ab8
- Handshake was completed
OCSP Response Information:
Response Status: Successful
Response Type: Basic OCSP Response
Version: 1
Responder Key ID: 67fd8820142798c709d22519bbe9511163755062
Produced At: Thu Aug 24 11:48:45 UTC 2017
Responses:
Certificate ID:
Hash Algorithm: SHA1
Issuer Name Hash:
1175295285b7738d52a8e3508fb390c5eec7d46a
Issuer Key Hash:
67fd8820142798c709d22519bbe9511163755062
Serial Number: 0156904be054caf74df8e4e5a488d01a
Certificate Status: good
This Update: Thu Aug 24 11:48:45 UTC 2017
Next Update: Thu Aug 31 11:03:45 UTC 2017
Extensions:
Signature Algorithm: RSA-SHA256
Signature:
94:d5:07:88:fa:2c:0a:0d:05:96:d4:bc:0f:05:e2:d1
83:33:1d:6a:6c:62:d9:a3:93:8f:df:fa:6e:34:66:a9
4d:35:2a:71:cd:0f:d9:5d:1b:a4:8f:98:3f:24:8f:f8
48:df:f0:eb:15:0e:b2:af:87:90:67:03:c2:a4:c2:6c
d5:8a:23:c3:de:ce:39:c1:7a:ae:4a:6a:c2:a2:5a:23
1f:dd:f3:d5:4d:9a:32:5f:2f:45:bb:3b:cb:ce:9d:5e
f5:09:9c:6f:33:bf:e9:f5:cf:7e:b5:d5:40:3f:59:31
df:5a:66:65:b5:8b:39:56:1d:21:e0:a3:41:59:5a:36
05:56:85:a5:2b:b0:79:68:f4:c5:dd:bc:55:7c:f0:71
e6:6d:7e:52:75:f9:0a:c4:6a:b3:1c:a9:9d:46:a7:8c
f5:43:f0:c7:e0:ba:bd:69:bd:7c:4f:85:1c:6c:b0:a5
6e:3a:e8:fb:8f:0a:c9:83:6f:36:b7:b2:d7:30:61:6d
3a:43:99:74:dc:c3:67:2b:82:19:1f:7a:34:21:aa:fb
c7:ab:f8:07:94:a6:d3:d4:2f:1b:b9:6d:72:7a:70:ea
2b:af:13:b0:8a:43:8b:09:98:c3:7c:6e:b0:af:3f:c9
11:98:1e:9f:c5:bb:28:dc:6f:80:31:3f:e4:17:69:81
- Simple Client Mode:
...
=================================================================
My belief is that if gnutls seems to consider this certificate as
'valid' and if sitecopy of fuserdav are both failing when asking to
libneon, then the bug must be in libneon... i.e. somewhere in between...
So, did I miss something or is there really a serious bug here ?
(it may be possible that the certificate is flawed...but I wonder why
only libneon is seeing it as "wrong" then.
Feel free to ask me more details if needed!
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.12.4 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8),
LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libneon27-gnutls depends on:
ii libc6 2.24-15
ii libcomerr2 1.43.5-1
ii libgnutls30 3.5.15-2
ii libgssapi-krb5-2 1.15.1-2
ii libk5crypto3 1.15.1-2
ii libkrb5-3 1.15.1-2
ii libxml2 2.9.4+dfsg1-3.1
ii zlib1g 1:1.2.8.dfsg-5
Versions of packages libneon27-gnutls recommends:
ii ca-certificates 20170717
libneon27-gnutls suggests no packages.
-- no debconf information
