Package: xchat
Version: 2.8.8-3+b1
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm not able to connect to any server using SSL unless I disable
verification of the server certificate.
* Looking up irc.oftc.net
* Connecting to irc.geo.oftc.net (193.198.184.13) port 6697...
* * Subject: /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public
Interest/OU=hostmaster/CN=Certificate
Authority/emailAddress=hostmas...@spi-inc.org
* * Issuer: /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public
Interest/OU=hostmaster/CN=Certificate
Authority/emailAddress=hostmas...@spi-inc.org
* * Subject: /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public
Interest/OU=hostmaster/CN=Certificate
Authority/emailAddress=hostmas...@spi-inc.org
* * Issuer: /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public
Interest/OU=hostmaster/CN=Certificate
Authority/emailAddress=hostmas...@spi-inc.org
* * Subject: /O=Open and Free Technology Community/OU=Certification
Authority/CN=ca.oftc.net/emailAddress=supp...@oftc.net
* * Issuer: /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public
Interest/OU=hostmaster/CN=Certificate
Authority/emailAddress=hostmas...@spi-inc.org
* * Subject: /O=Open and Free Technology Community/OU=certification authority
for irc/CN=irc.ca.oftc.net/emailAddress=supp...@oftc.net
* * Issuer: /O=Open and Free Technology Community/OU=Certification
Authority/CN=ca.oftc.net/emailAddress=supp...@oftc.net
* * Subject: /CN=kilo.oftc.net
* * Issuer: /O=Open and Free Technology Community/OU=certification authority
for irc/CN=irc.ca.oftc.net/emailAddress=supp...@oftc.net
* * Certification info:
* Subject:
* CN=kilo.oftc.net
* Issuer:
* O=Open and Free Technology Community
* OU=certification authority for irc
* CN=irc.ca.oftc.net
* emailAddress=supp...@oftc.net
* Public key algorithm: rsaEncryption (2048 bits)
* Sign algorithm sha1WithRSAEncryption
* Valid since Jun 12 14:36:39 2010 GMT to Jun 12 14:36:39 2011 GMT
* * Cipher info:
* Version: TLSv1/SSLv3, cipher AES256-SHA (256 bits)
* Connection failed. Error: self signed certificate in certificate chain.? (19)
I don't think this is an OpenSSL problem as:
$ openssl s_client -connect irc.oftc.net:6697 -CApath /etc/ssl/certs
CONNECTED(00000003)
depth=3 /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public
Interest/OU=hostmaster/CN=Certificate
Authority/emailAddress=hostmas...@spi-inc.org
verify return:1
depth=2 /O=Open and Free Technology Community/OU=Certification
Authority/CN=ca.oftc.net/emailAddress=supp...@oftc.net
verify return:1
depth=1 /O=Open and Free Technology Community/OU=certification authority for
irc/CN=irc.ca.oftc.net/emailAddress=supp...@oftc.net
verify return:1
depth=0 /CN=kinetic.oftc.net
verify return:1
- ---
Certificate chain
0 s:/CN=kinetic.oftc.net
i:/O=Open and Free Technology Community/OU=certification authority for
irc/CN=irc.ca.oftc.net/emailAddress=supp...@oftc.net
1 s:/O=Open and Free Technology Community/OU=certification authority for
irc/CN=irc.ca.oftc.net/emailAddress=supp...@oftc.net
i:/O=Open and Free Technology Community/OU=Certification
Authority/CN=ca.oftc.net/emailAddress=supp...@oftc.net
2 s:/O=Open and Free Technology Community/OU=Certification
Authority/CN=ca.oftc.net/emailAddress=supp...@oftc.net
i:/C=US/ST=Indiana/L=Indianapolis/O=Software in the Public
Interest/OU=hostmaster/CN=Certificate
Authority/emailAddress=hostmas...@spi-inc.org
3 s:/C=US/ST=Indiana/L=Indianapolis/O=Software in the Public
Interest/OU=hostmaster/CN=Certificate
Authority/emailAddress=hostmas...@spi-inc.org
i:/C=US/ST=Indiana/L=Indianapolis/O=Software in the Public
Interest/OU=hostmaster/CN=Certificate
Authority/emailAddress=hostmas...@spi-inc.org
- ---
Server certificate
- -----BEGIN CERTIFICATE-----
MIIEWDCCA0CgAwIBAgIBSDANBgkqhkiG9w0BAQUFADCBkjErMCkGA1UEChMiT3Bl
biBhbmQgRnJlZSBUZWNobm9sb2d5IENvbW11bml0eTEoMCYGA1UECxMfY2VydGlm
aWNhdGlvbiBhdXRob3JpdHkgZm9yIGlyYzEYMBYGA1UEAxMPaXJjLmNhLm9mdGMu
bmV0MR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0QG9mdGMubmV0MB4XDTEwMTAxMzA5
NTMzMFoXDTExMTAxMzA5NTMzMFowGzEZMBcGA1UEAxMQa2luZXRpYy5vZnRjLm5l
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmGnF9ZWiwdccG/P08J
qL/xTpTGNGKRT171nzIRcVRehqSahhPc6vpIWpVjxTXq2wy0aBQODJElrsTCCF83
4TvUKxCYryqLcwn9DuX5w7BPib3hKt2yvXkRSPKKd7GezBVzty10bUoyeuIwbW1n
IyXigC7eW14Fgw6qD6EQrtjzzYRL+g7G2jsv1eSWZ5lNLPDWc3/xym6NmuSPLwhv
jtn5RPTpWX5SuZ5a2qZ9eYElZsv62v2jhi8HZyQWgUP3vS+cdHP6Av4a9vxntFC5
AWYKAlKiJH93x0NKBYo0cm9/2LGxxpBg/Pepnxz2iam+7WT4NzEm8RXYlVL3ZplD
zZkCAwEAAaOCAS0wggEpMAkGA1UdEwQCMAAwHQYDVR0OBBYEFN9Q7zY7Yj3uiGbJ
fFJNnDAJhsJVMIGzBgNVHSMEgaswgaiAFD4msTg6Kk2C8rmG4OFx7V6LhwfPoYGM
pIGJMIGGMSswKQYDVQQKEyJPcGVuIGFuZCBGcmVlIFRlY2hub2xvZ3kgQ29tbXVu
aXR5MSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEUMBIGA1UEAxML
Y2Eub2Z0Yy5uZXQxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb2Z0Yy5uZXSCAQMw
RwYDVR0RBEAwPoIMaXJjLm9mdGMubmV0gg1pcmM2Lm9mdGMubmV0gg1pcmNzLm9m
dGMubmV0ghBraW5ldGljLm9mdGMubmV0MA0GCSqGSIb3DQEBBQUAA4IBAQAdAj1c
mh9K+U9vYgK3WljKHIVgwQVR8YflVkdQ/k8L/n32Kn6C8p3zEwdbjdfQPTwrisLN
pSJHVx0fW34QPTirSs+BKcTA58KrspTl+qtVR1uVLCgetl5pEqKK7XMVmXg7AGiT
sk7aTTPQsjcGCNn7NC245O9C/1Vv9MuWLYTFUQ3855qlXFpDCNqkNthezJnai4JJ
ae1PpqGMtWS2sNdoFMaYmYEUO8sqL+rhZ8TG2ATfPXRnK4qtu5LKfTPc+4FmNA+L
sv6NaMSptqblu49Gd4BymtmoCYRQw6xUgJhdsg8dW27QYfK8X4lPPjUUphqrW+QQ
PHtrS9gQ+3Gv2xzJ
- -----END CERTIFICATE-----
subject=/CN=kinetic.oftc.net
issuer=/O=Open and Free Technology Community/OU=certification authority for
irc/CN=irc.ca.oftc.net/emailAddress=supp...@oftc.net
- ---
No client certificate CA names sent
- ---
SSL handshake has read 6092 bytes and written 459 bytes
- ---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: CC1F4C369F9D6687464073AF83BFDF9044D686868B816A91963875DE036B8865
Session-ID-ctx:
Master-Key:
2084F896FFED7894E0D3F0A259192BE79BEC471A5D5B804C39088C2D4393666A33B820BA36E0149C0867F62B34308E49
Key-Arg : None
Start Time: 1305670296
Timeout : 300 (sec)
Verify return code: 0 (ok)
- ---
:kinetic.oftc.net NOTICE AUTH :*** Looking up your hostname...
:kinetic.oftc.net NOTICE AUTH :*** Checking Ident
:kinetic.oftc.net NOTICE AUTH :*** Couldn't look up your hostname
- -- System Information:
Debian Release: wheezy/sid
APT prefers stable-updates
APT policy: (550, 'stable-updates'), (550, 'stable'), (540, 'testing'), (530,
'unstable'), (520, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages xchat depends on:
ii libatk1.0-0 2.0.0-1 The ATK accessibility toolkit
ii libc6 2.13-4 Embedded GNU C Library: Shared lib
ii libcairo2 1.10.2-6 The Cairo 2D vector graphics libra
ii libdbus-1-3 1.4.8-3 simple interprocess messaging syst
ii libdbus-glib-1-2 0.88-2.1 simple interprocess messaging syst
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.4.2-2.1 FreeType 2 font engine, shared lib
ii libgdk-pixbuf2.0-0 2.23.3-3 GDK Pixbuf library
ii libglib2.0-0 2.28.6-1 The GLib library of C routines
ii libgtk2.0-0 2.24.4-3 The GTK+ graphical user interface
ii libpango1.0-0 1.28.3-6 Layout and rendering of internatio
ii libperl5.12 5.12.3-6 shared Perl library
ii libsexy2 0.1.11-2+b1 collection of additional GTK+ widg
ii libssl1.0.0 1.0.0d-2 SSL shared libraries
ii libx11-6 2:1.3.3-4 X11 client-side library
ii libxml2 2.7.8.dfsg-2 GNOME XML library
ii xchat-common 2.8.8-3 Common files for X-Chat
Versions of packages xchat recommends:
ii alsa-utils 1.0.23-3 Utilities for configuring and usin
ii esound-clients 0.2.41-8 Enlightened Sound Daemon - clients
ii libnotify1 0.5.0-2 sends desktop notifications to a n
ii libpython2.6 2.6.6-8+b1 Shared Python runtime library (ver
ii tcl8.5 8.5.8-2 Tcl (the Tool Command Language) v8
ii xdg-utils 1.0.2+cvs20100307-2 desktop integration utilities from
xchat suggests no packages.
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk3S8rkACgkQshl/216gEHjSYACg5Jjr3h5g2qaVsmDBd8c/k2Er
2SYAoNC8PsBmrLXbY+gyQ2TFs3Lm49OO
=NDAp
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
