Package: pianobar
Version: 2014.09.28-1
Severity: grave
Justification: renders package unusable

The SSL certificate for the pandora server that pianobar talks to has been rotated, the previous one having (presumably) expired. The new certificate has a start date of 30 Nov 2015.

SSL certificate details as shown by gnutls-cli:

$ gnutls-cli tuner.pandora.com -p 443
Processed 187 CA certificate(s).
Resolving 'tuner.pandora.com'...
Connecting to '208.85.40.35:443'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `C=US,ST=California,L=Oakland,O=Pandora Media\, Inc.,OU=operations,CN=tuner.pandora.com', issuer `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=Terms of use at https://www.verisign.com/rpa (c)10,CN=VeriSign Class 3 Secure Server CA - G3', RSA key 2048 bits, signed using RSA-SHA1, activated `2015-12-01 00:00:00 UTC', expires `2016-12-24 23:59:59 UTC', SHA-1 fingerprint `13cc51ac0c31cd96c55015c76914360f7ac41a00'
	Public Key ID: 7dc38c5f8029887cd68cc803d106058ca889ee39
	Public key's random art:
		+--[ RSA 2048]----+
		|.o=*. |
		|o .+oo = o |
		|o. .* = + o . |
		|+ + o + . |
		|. S o = . |
		| . o o |
		|. . . |
		| E |
		| . |
		+-----------------+

- Certificate[1] info:
 - subject `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=Terms of use at https://www.verisign.com/rpa (c)10,CN=VeriSign Class 3 Secure Server CA - G3', issuer `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,CN=VeriSign Class 3 Public Primary Certification Authority - G5', RSA key 2048 bits, signed using RSA-SHA1, activated `2010-02-08 00:00:00 UTC', expires `2020-02-07 23:59:59 UTC', SHA-1 fingerprint `5deb8f339e264c19f6686f5f8f32b54a4c46b476'
- Certificate[2] info:
 - subject `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,CN=VeriSign Class 3 Public Primary Certification Authority - G5', issuer `C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority', RSA key 2048 bits, signed using RSA-SHA1, activated `2006-11-08 00:00:00 UTC', expires `2021-11-07 23:59:59 UTC', SHA-1 fingerprint `32f30882622b87cf8856c63db873df0853b4dd27'
- Status: The certificate is trusted.
- Description: (TLS1.2)-(RSA)-(AES-256-GCM)
- Session ID: - 32:58:B0:65:4D:20:24:22:42:53:83:52:ED:88:94:DB:7C:FB:7F:25:1C:F1:27:7E:66:57:0A:0E:D9:ED:B8:A8
- Version: TLS1.2
- Key Exchange: RSA
- Cipher: AES-256-GCM
- MAC: AEAD
- Compression: NULL
- Options: safe renegotiation,
- Handshake was completed

firefox reports the same SHA1 fingerprint, and likewise successfully negotiates an SSL connection to this server with no security warnings.

Updating ~/.config/pianobar/config to list this fingerprint is sufficient to work around the problem:

tls_fingerprint = 13cc51ac0c31cd96c55015c76914360f7ac41a00

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org
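A check that can be run before editing the pin, added here as an example and not part of the original report or of pianobar: it compares the tls_fingerprint value in the config against the SHA-1 fingerprint of the certificate the server presents over a connection that has already passed CA and hostname validation. The function names are hypothetical, and the 'key = value' parsing with '#' comments is an assumption about the config format.

```python
import hashlib
import re
import socket
import ssl

PIN_KEY = "tls_fingerprint"  # config key named in the report


def read_pin(config_text):
    """Return the pinned fingerprint as lowercase hex, or None if absent.
    Assumes 'key = value' lines and '#' comments; if the key is repeated,
    the last occurrence is used (an assumption, not pianobar's documented rule)."""
    pin = None
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == PIN_KEY:
            pin = re.sub(r"[\s:]", "", value).lower()  # accept aa:bb:cc style too
    return pin


def sha1_fingerprint(der_cert):
    """SHA-1 over the DER-encoded certificate, the value gnutls-cli prints."""
    return hashlib.sha1(der_cert).hexdigest()


def pin_status(config_text, der_cert):
    """Return 'match', 'mismatch' or 'no-pin' for the presented certificate."""
    pin = read_pin(config_text)
    if pin is None:
        return "no-pin"
    return "match" if pin == sha1_fingerprint(der_cert) else "mismatch"


def fetch_leaf_der(host, port=443, timeout=10):
    """Fetch the leaf certificate only after normal CA and hostname validation,
    so an untrusted certificate raises ssl.SSLError instead of being pinned."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    import os
    with open(os.path.expanduser("~/.config/pianobar/config")) as fh:
        print(pin_status(fh.read(), fetch_leaf_der("tuner.pandora.com")))
```

A "mismatch" result on a connection that validated cleanly corresponds to the rotation described in the report; a validation error means the presented certificate should not be pinned at all.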