Bug#241725: marked as done (Documentation that tls_verify_certificates has to point to a *file* with GnuTLS is incomplete)

Debian Bug Tracking System owner@bugs.debian.org
Sun, 16 Jan 2005 12:18:18 -0800


Your message dated Sun, 16 Jan 2005 21:08:19 +0100
with message-id <20050116200819.GA2970@downhill.at.eu.org>
and subject line exim4 4.43-3 uploaded to Debian unstable
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 6 Mar 2004 12:47:55 +0000
>From ray@xinara.org Sat Mar 06 04:47:55 2004
Return-path: <ray@xinara.org>
Received: from mail.o2w.nl [213.227.141.209] (postfix)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1AzbDf-0002m8-00; Sat, 06 Mar 2004 04:47:55 -0800
Received: from zensunni.xinara.org (unknown [217.22.72.48])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(Client did not present a certificate)
	by mail.o2w.nl (Postfix) with ESMTP id 4019835B17
	for <submit@bugs.debian.org>; Sat,  6 Mar 2004 13:47:50 +0100 (CET)
Received: from ray by zensunni.xinara.org with local (Exim 4.30)
	id 1AzbDX-0005ll-Re; Sat, 06 Mar 2004 13:47:47 +0100
Date: Sat, 6 Mar 2004 13:47:47 +0100
From: "J.H.M. Dassen (Ray)" <fsmla@xinara.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Unexpected behaviour with empty tls_verify_certificates file/directory
Message-ID: <20040306124747.GA22106@xinara.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Reportbug-Version: 2.49
Organization: Ray at home
X-System: Debian GNU/Linux testing/unstable, kernel 2.4.26-pre1
User-Agent: Mutt/1.5.5.1+cvs20040105i
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_05 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0 tests=HAS_PACKAGE autolearn=no 
	version=2.60-bugs.debian.org_2004_03_05
X-Spam-Level: 

Package: exim4-daemon-heavy
Version: 4.30-7
Severity: normal

When tls_verify_certificates is set to refer to an empty (existing, but zero
bytes content) file or an empty directory, TLS support (at least
tls_verify_hosts and tls_try_verify_hosts) is broken, and the mainlog gets
entries like this on a TLS connection attempt:
	2004-03-06 13:27:06 TLS error on connection from phil.o2w.nl [213.227.141.205] (setup_certs): Error while reading file.
which is not behaviour I would expect based on the documentation. From the
documentation, the sensible behaviour in this case would be to deal with
this as "the list of hosts for which a certificate is known is empty".

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.26-pre1
Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1

Versions of packages exim4-daemon-heavy depends on:
ii  exim4-base                  4.30-7       EXperimental Internal Mailer -- a 
ii  libc6                       2.3.2.ds1-11 GNU C Library: Shared libraries an
ii  libdb3                      3.2.9-19     Berkeley v3 Database Libraries [ru
ii  libgnutls10                 1.0.4-3      GNU TLS library - runtime library
ii  libldap2                    2.1.26-1     OpenLDAP libraries
ii  libmysqlclient12            4.0.18-2     mysql database client library
ii  libpam0g                    0.76-15      Pluggable Authentication Modules l
ii  libpcre3                    4.3-4        Philip Hazel's Perl 5 Compatible R
ii  libperl5.8                  5.8.3-2      Shared Perl library.
ii  libpq3                      7.4.1-3      Shared library libpq.so.3 for Post

-- no debconf information
-- 
Obsig: developing a new sig
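
The failure reported above can be caught before Exim is restarted. The following pre-flight check is an added example, not part of the original report or of the exim4 package; the function name and return codes are invented for illustration, and it assumes the trust file is a PEM bundle.

```shell
#!/bin/sh
# Added example: validate the path configured as tls_verify_certificates
# for an Exim build linked against GnuTLS, where the option must name a
# single file rather than a directory.
# Return codes (chosen for this example, not defined by Exim):
#   0 usable   1 missing/unreadable   2 directory
#   3 empty file   4 no PEM certificate block found

check_tls_verify_certificates() {
    path=$1
    if [ -d "$path" ]; then
        echo "FAIL: $path is a directory; GnuTLS builds need one file" >&2
        return 2
    fi
    if [ ! -f "$path" ] || [ ! -r "$path" ]; then
        echo "FAIL: $path is missing, not a regular file, or unreadable" >&2
        return 1
    fi
    if [ ! -s "$path" ]; then
        # This is the case from the report: the file exists but is zero
        # bytes, and TLS setup fails with "Error while reading file."
        echo "FAIL: $path is empty" >&2
        return 3
    fi
    # Assumption: certificates are PEM encoded, one block per CA.
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$path" || true)
    if [ "$count" -eq 0 ]; then
        echo "FAIL: $path contains no PEM certificate block" >&2
        return 4
    fi
    echo "OK: $path contains $count certificate block(s)"
    return 0
}

# Run stand-alone as: ./check.sh /path/to/ca-bundle.pem
if [ $# -gt 0 ]; then
    check_tls_verify_certificates "$1"
    exit $?
fi
```

A non-zero result means tls_verify_hosts and tls_try_verify_hosts should not be relied on until the path is corrected.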

---------------------------------------
Received: (at 241725-done) by bugs.debian.org; 16 Jan 2005 20:08:38 +0000
>From ametzler@debian.org Sun Jan 16 12:08:38 2005
Return-path: <ametzler@debian.org>
Received: from m26s25.vlinux.de [83.151.30.59] ([VxU2E2fm6d954rEoodxcek70dy1UDTcS])
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CqGhR-00041q-00; Sun, 16 Jan 2005 12:08:37 -0800
Received: from m-134-246.adsl.univie.ac.at ([131.130.134.246])
	by m26s25.vlinux.de with asmtp (Exim 4.34)
	id 1CqGi7-0002fh-T0; Sun, 16 Jan 2005 20:09:36 +0000
Received: from ametzler by downhill.univie.ac.at with local (cert-ver=0) (Exim 4.43)
	id 1CqGh9-0000nI-R2; Sun, 16 Jan 2005 21:08:19 +0100
Date: Sun, 16 Jan 2005 21:08:19 +0100
From: Andreas Metzler <ametzler@debian.org>
To: 274246-done@bugs.debian.org, 267994-done@bugs.debian.org,
	262592-done@bugs.debian.org, 277817-done@bugs.debian.org,
	265818-done@bugs.debian.org, 241725-done@bugs.debian.org,
	260114-done@bugs.debian.org, 261511-done@bugs.debian.org,
	230545-done@bugs.debian.org, 237947-done@bugs.debian.org
Subject: exim4 4.43-3 uploaded to Debian unstable
Message-ID: <20050116200819.GA2970@downhill.at.eu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-GPG-Fingerprint: BCF7 1345 BE42 B5B8 1A57  EE09 1D33 9C65 8B8D 7663
User-Agent: Mutt/1.5.6+20040907i
X-Spam-Score: 1.3 (+)
Delivered-To: 241725-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
	version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 
X-CrossAssassin-Score: 3

I've uploaded exim4 4.43-3 to unstable a couple of hours ago, and can
close a couple of bugs fixed by the new upstream version.

  * New upstream version. (am) (Closes: #274246, #267994)
    - no more unescaped hyphens in exim.8. (Closes: #262592)
    - no more warnings in exipick.8 (Closes: #277817)
    - New option tls_on_connect_ports. (Closes: #265818)
    - better documentation about differences in configuring for GnuTLS or
      OpenSSL. (Closes: #241725)
    - verify = header_sender now respects callout options. (Closes: #260114)
    - There is now an overall timeout for performing a callout verification.
      (Closes: #261511)
    - Less typos in filter.txt. (Closes: #230545)
    - New ACL: acl_smtp_predata, useful for greylisting. (Closes: #237947)