Package: gnutls-bin Version: 2.8.5-2 Severity: important Today, Evolution stopped being able to connect to my company's email server, claiming that the SSL certificate was bad. Thunderbird does not have that problem, but while debugging the issue I found that gnutls-cli does too.
I've kept the actual server details out of this public bug report; please tell me what email address I can mail them to if you want to debug the issue on your end. $ gnutls-cli --x509cafile /etc/ssl/certs/Go_Daddy_Class_2_CA.pem --starttls -p imap imap.example.com Processed 1 CA certificate(s). Resolving 'imap.example.com'... Connecting to '192.0.2.1:143'... - Simple Client Mode: * OK [CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS QUOTA STARTTLS LOGINDISABLED] Dovecot ready. a STARTTLS a OK Begin TLS negotiation now. *** Starting TLS handshake - Ephemeral Diffie-Hellman parameters - Using prime: 1024 bits - Secret key: 1023 bits - Peer's public key: 1020 bits - Certificate type: X.509 - Got a certificate list of 4 certificates. - Certificate[0] info: - subject `O=*.example.com,OU=Domain Control Validated,CN=*.example.com', issuer `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,OU=http://certificates.godaddy.com/repository,CN=Go Daddy Secure Certification Authority,serialNumber=88888888', RSA key 2048 bits, signed using RSA-SHA, activated `2009-04-21 10:59:00 UTC', expires `2010-04-30 15:52:40 UTC', SHA-1 fingerprint `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' - Certificate[1] info: - subject `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,OU=http://certificates.godaddy.com/repository,CN=Go Daddy Secure Certification Authority,serialNumber=07969287', issuer `C=US,O=The Go Daddy Group\, Inc.,OU=Go Daddy Class 2 Certification Authority', RSA key 2048 bits, signed using RSA-SHA, activated `2006-11-16 01:54:37 UTC', expires `2026-11-16 01:54:37 UTC', SHA-1 fingerprint `7c4656c3061f7f4c0d67b319a855f60ebc11fc44' - Certificate[2] info: - subject `C=US,O=The Go Daddy Group\, Inc.,OU=Go Daddy Class 2 Certification Authority', issuer `L=ValiCert Validation Network,O=ValiCert\, Inc.,OU=ValiCert Class 2 Policy Validation Authority,CN=http://www.valicert.com/,email=i...@valicert.com', RSA key 2048 bits, signed using RSA-SHA, activated `2004-06-29 17:06:20 UTC', expires `2024-06-29 17:06:20 UTC', SHA-1 fingerprint `de70f4e2116f7fdce75f9d13012b7e687a3b2c62' - Certificate[3] info: - subject `L=ValiCert Validation Network,O=ValiCert\, Inc.,OU=ValiCert Class 2 Policy Validation Authority,CN=http://www.valicert.com/,email=i...@valicert.com', issuer `L=ValiCert Validation Network,O=ValiCert\, Inc.,OU=ValiCert Class 2 Policy Validation Authority,CN=http://www.valicert.com/,email=i...@valicert.com', RSA key 1024 bits, signed using RSA-SHA, activated `1999-06-26 00:19:54 UTC', expires `2019-06-26 00:19:54 UTC', SHA-1 fingerprint `317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca6' - The hostname in the certificate matches 'imap.example.com'. - Peer's certificate issuer is not a CA - Peer's certificate is NOT trusted - Version: TLS1.0 - Key Exchange: DHE-RSA - Cipher: AES-128-CBC - MAC: SHA1 - Compression: NULL *** Verifying server certificate failed... -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (530, 'testing'), (520, 'unstable'), (400, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-trunk-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages gnutls-bin depends on: ii libc6 2.10.2-2 GNU C Library: Shared libraries ii libgcrypt11 1.4.4-6 LGPL Crypto library - runtime libr ii libgnutls26 2.8.5-2 the GNU TLS library - runtime libr ii libreadline6 6.0-5 GNU readline and history libraries ii libtasn1-3 2.3-1 Manage ASN.1 structures (runtime) ii zlib1g 1:1.2.3.3.dfsg-15 compression library - runtime gnutls-bin recommends no packages. gnutls-bin suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
