Bug#633373: TLS Connection Error

Óscar García Amor ogarcia at moire.org
Thu Jul 28 06:50:01 UTC 2011 

On Wed, 27 Jul 2011 19:41:22 +0200, Andreas Metzler wrote:
> Hello,

Hi!

> I have just uploaded libgcrypt11 1.4.6-8 to unstable. Could you
> doublecheck [..] tomorrow.

I checked it and it works perfectly:

enigma ogarcia # dpkg -i libgcrypt11_1.4.6-8_armel.deb
(Reading database ... 21014 files and directories currently installed.)
Preparing to replace libgcrypt11 1.4.6-7 (using 
libgcrypt11_1.4.6-8_armel.deb) ...
Unpacking replacement libgcrypt11 ...
Setting up libgcrypt11 (1.4.6-8) ...

<ogarcia at enigma> [~]$ gnutls-cli db.debian.org
Resolving 'db.debian.org'...
Connecting to '82.195.75.106:443'...
- Ephemeral Diffie-Hellman parameters
  - Using prime: 1024 bits
  - Secret key: 1023 bits
  - Peer's public key: 1023 bits
- Certificate type: X.509
  - Got a certificate list of 3 certificates.
  - Certificate[0] info:
   - subject `O=Debian,CN=db.debian.org,EMAIL=debian-admin at debian.org', 
issuer `O=Debian,CN=ca.debian.org,EMAIL=debian-admin at de
bian.org', RSA key 2048 bits, signed using RSA-SHA1, activated 
`2011-04-01 05:52:15 UTC', expires `2012-03-31 05:52:15 UTC', S
HA-1 fingerprint `88777cfc5bd5bb4590d0be07fa24d166e98c201c'
  - Certificate[1] info:
   - subject `O=Debian,CN=ca.debian.org,EMAIL=debian-admin at debian.org', 
issuer `C=US,ST=Indiana,L=Indianapolis,O=Software in the Public 
Interest,OU=hostmaster,CN=Certificate 
Authority,EMAIL=hostmaster at spi-inc.org', RSA key 4096 bits, signed using 
RSA-SHA1, activated `2008-05-13 09:13:20 UTC', expires `2018-05-10 
09:13:20 UTC', SHA-1 fingerprint 
`d726c9c7a22a52af1212e99342b76283aa40994c'
  - Certificate[2] info:
   - subject `C=US,ST=Indiana,L=Indianapolis,O=Software in the Public 
Interest,OU=hostmaster,CN=Certificate 
Authority,EMAIL=hostmaster at spi-inc.org', issuer 
`C=US,ST=Indiana,L=Indianapolis,O=Software in the Public 
Interest,OU=hostmaster,CN=Certificate 
Authority,EMAIL=hostmaster at spi-inc.org', RSA key 4096 bits, signed using 
RSA-SHA1, activated `2008-05-13 08:07:56 UTC', expires `2018-05-11 
08:07:56 UTC', SHA-1 fingerprint 
`af70884383820215cd61c6bcecfd3724a990431c'
- The hostname in the certificate matches 'db.debian.org'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

I also checked the XMPP connections and work OK:

Connecting to talk.google.com port 5222
Using STARTTLS encryption.
Authenticated successfully.
Requesting the roster.
Connection to talk.google.com established

Thanks!!

-- 
Óscar García Amor | ogarcia at moire.org | Systems Shaman
Moire | http://entropia.moire.org | +34 661 95 70 20

More information about the Pkg-gnutls-maint mailing list