Bug#505279: libgnutls26: segfault in _gnutls_x509_crt_get_raw_dn2
Andreas Henriksson
andreas at fatal.se
Tue Nov 11 15:58:32 UTC 2008

In the hope that this information might be useful for tracking down the problem...

I can reproduce it with my self-signed certificate loaded in dovecot,
but not with my cacert-signed certificate.

If needed for debugging, I could give up my self-signed key since I could
stop using it without much hassle.

Information on the self-signed cert with which mutt now crashes when opening
imaps://localhost
-------------------------------------------------------------------------
$ gnutls-cli -p 143 localhost --insecure -s
Resolving 'localhost'...
Connecting to '127.0.0.1:143'...
- Simple Client Mode:
* OK Dovecot ready.
. STARTTLS
. OK Begin TLS negotiation now.
*** Starting TLS handshake
- Ephemeral Diffie-Hellman parameters
- Using prime: 1032 bits
- Secret key: 1012 bits
- Peer's public key: 1024 bits
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
# The hostname in the certificate does NOT match 'localhost'.
# valid since: Sat Sep 27 20:15:43 CEST 2008
# expires at: Tue Sep 25 20:15:47 CEST 2018
# fingerprint: 1F:05:C4:56:0D:61:6F:63:E8:47:72:63:11:C8:78:0A
# Subject's DN: C=SE,CN=fatal.se,EMAIL=hostmaster at fatal.se
# Issuer's DN: C=SE,CN=fatal.se,EMAIL=hostmaster at fatal.se
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
. LOGOUT
* BYE Logging out
. OK Logout completed.
*** Fatal error: A TLS packet with unexpected length was received.
*** Server has terminated the connection abnormally.

Information on cacert-signed certificate which does not cause mutt to crash:
-----------------------------------------------------------------------------
$ gnutls-cli -p 143 localhost --insecure -s
Resolving 'localhost'...
Connecting to '127.0.0.1:143'...
- Simple Client Mode:
* OK Dovecot ready.
. STARTTLS
. OK Begin TLS negotiation now.
*** Starting TLS handshake
- Ephemeral Diffie-Hellman parameters
- Using prime: 1032 bits
- Secret key: 1013 bits
- Peer's public key: 1024 bits
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
# The hostname in the certificate does NOT match 'localhost'.
# valid since: Tue Nov 11 16:00:28 CET 2008
# expires at: Sun May 10 17:00:28 CEST 2009
# fingerprint: 3E:62:44:BE:25:AC:BC:F2:AC:49:7B:CD:F4:60:E7:56
# Subject's DN: CN=*.fatal.se
# Issuer's DN: O=Root CA,OU=http://www.cacert.org,CN=CA Cert Signing Authority,EMAIL=support at cacert.org
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
. LOGOUT
* BYE Logging out
. OK Logout completed.
*** Fatal error: A TLS packet with unexpected length was received.
*** Server has terminated the connection abnormally.
--
Andreas Henriksson