Bug#527190: mutt: prompts for certificate despite (a)ccept always and saving it

[Y Giridhar Appaji Nag]

Package: mutt
Version: 1.5.18-6
Severity: normal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This bug holds good for both mutt and mutt-patched.

I start with an empty certificate_file and run mutt, the session looks like
this:

  OUT: -- Mutt: TLS/SSL Certificate check
  OUT: (r)eject, accept (o)nce, (a)ccept always
  
  IN: a
  
  OUT: Certificate saved
  OUT: Password for app...@mail.appaji.net:
  
  IN: password
  
  ALL OK
  
  QUIT
  
  OUT: -- Mutt: TLS/SSL Certificate check
  OUT: (r)eject, accept (o)nce, (a)ccept always
  
  IN: a
  
  OUT: Warning: Couldn't save certificate

I poked around mutt code a bit and it looks like the failure is from here:

mutt_ssl_gnutls.c : tls_check_one_certificate

822         if ((fp = fopen (SslCertFile, "a")))
823         {
...
830           if (certerr_nottrusted)
831           {
832             done = 0;
833             ret = gnutls_pem_base64_encode_alloc ("CERTIFICATE", certdata,
834                                                   &pemdata);
835             if (ret == 0)
836             {
837               if (fwrite (pemdata.data, pemdata.size, 1, fp) == 1)
838               {
839                 done = 1;
840               }
...
846         if (!done)
847         {
848           mutt_error (_("Warning: Couldn't save certificate"));
849           mutt_sleep (2);
850         }

Turns out that certerr_nottrusted was 0 and it is set on the basis of certstat
in the same function.  I don't have a log of further investigation but AFAIR,
certstat was GNUTLS_CERT_INSECURE_ALGORITHM.

Please let me know if you need more information.

Giridhar

- -- Package-specific info:
Mutt 1.5.18 (2008-05-17)
Copyright (C) 1996-2008 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.

System: Linux 2.6.29-1-686 (i686)
ncurses: ncurses 5.7.20090411 (compiled with 5.7)
libidn: 1.14 (compiled with 1.10)
hcache backend: GDBM version 1.8.3. 10/15/2002 (built Aug 27 2008 09:23:18)
Compile options:
- -DOMAIN
+DEBUG
- -HOMESPOOL  +USE_SETGID  +USE_DOTLOCK  +DL_STANDALONE  
+USE_FCNTL  -USE_FLOCK   
+USE_POP  +USE_IMAP  +USE_SMTP  +USE_GSS  -USE_SSL_OPENSSL  +USE_SSL_GNUTLS  
+USE_SASL  +HAVE_GETADDRINFO  
+HAVE_REGCOMP  -USE_GNU_REGEX  
+HAVE_COLOR  +HAVE_START_COLOR  +HAVE_TYPEAHEAD  +HAVE_BKGDSET  
+HAVE_CURS_SET  +HAVE_META  +HAVE_RESIZETERM  
+CRYPT_BACKEND_CLASSIC_PGP  +CRYPT_BACKEND_CLASSIC_SMIME  -CRYPT_BACKEND_GPGME  
- -EXACT_ADDRESS  -SUN_ATTACHMENT  
+ENABLE_NLS  -LOCALES_HACK  +COMPRESSED  +HAVE_WC_FUNCS  +HAVE_LANGINFO_CODESET 
 +HAVE_LANGINFO_YESEXPR  
+HAVE_ICONV  -ICONV_NONTRANS  +HAVE_LIBIDN  +HAVE_GETSID  +USE_HCACHE  
- -ISPELL
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/share/mutt"
SYSCONFDIR="/etc"
EXECSHELL="/bin/sh"
MIXMASTER="mixmaster"
To contact the developers, please mail to <mutt-...@mutt.org>.
To report a bug, please visit http://bugs.mutt.org/.

patch-1.5.13.cd.ifdef.2
patch-1.5.13.cd.purge_message.3.4
patch-1.5.13.nt+ab.xtitles.4
patch-1.5.18.sidebar.20080611.txt
patch-1.5.4.vk.pgp_verbose_mime
patch-1.5.6.dw.maildir-mtime.1
patch-1.5.8.hr.sensible_browser_position.3

- -- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (800, 'unstable'), (700, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.29-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mutt depends on:
ii  libc6                2.9-8               GNU C Library: Shared libraries
ii  libcomerr2           1.41.5-1            common error description library
ii  libgdbm3             1.8.3-4             GNU dbm database routines (runtime
ii  libgnutls26          2.6.5-1             the GNU TLS library - runtime libr
ii  libidn11             1.14-3              GNU Libidn library, implementation
ii  libkrb53             1.6.dfsg.4~beta1-13 Transitional library package/krb4 
ii  libncursesw5         5.7+20090411-1      shared libraries for terminal hand
ii  libsasl2-2           2.1.22.dfsg1-23     Cyrus SASL - authentication abstra

Versions of packages mutt recommends:
ii  exim4-daemon-light [mail-tran 4.69-9     lightweight Exim MTA (v4) daemon
ii  locales                       2.9-8      GNU C Library: National Language (
ii  mime-support                  3.44-1     MIME files 'mime.types' & 'mailcap

Versions of packages mutt suggests:
ii  aspell                      0.60.6-1     GNU Aspell spell-checker
ii  ca-certificates             20081127     Common CA certificates
ii  gnupg                       1.4.9-4      GNU privacy guard - a free PGP rep
ii  ispell                      3.1.20.0-4.4 International Ispell (an interacti
pn  mixmaster                   <none>       (no description available)
ii  openssl                     0.9.8g-16    Secure Socket Layer (SSL) binary a
pn  urlview                     <none>       (no description available)

Versions of packages mutt is related to:
ii  mutt                          1.5.18-6   text-based mailreader supporting M
pn  mutt-dbg                      <none>     (no description available)
ii  mutt-patched                  1.5.18-6   the Mutt Mail User Agent with extr

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJKARhxAAoJENbfLHnbvsrcsDIH/1OXrIn15l/dMlacuItUhEs9
joQgUbZTyP4ac1d/oV7LW/pvbs4LqDWgV1rQBXoEMePC+q3kRi40IlFr7BUvWhQC
FAJx2nR22Nz8QilmGqgj53uTV6o6fripBWAB9Ua2J0pC/tPN2Xd7s32/EKdDLOCO
xQzfClbx3k3KTu53sq+JiBeIakI7Lb5IeuRLlce8HKBE5rDD2h4L5rPjXASD6uHb
HMkof1gNnSitZQED/FpneMqPsyNC6pDibPgr5w/bL7yYAD386ERSRWpHe46xLA7k
ADhy/E58Fw6eIJxgiS3IOe4kMYci5r26zaKXGuGnJG3qv8apGi5JWyKFJydW37c=
=AALp
-----END PGP SIGNATURE-----



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org