Bug#788011: mutt fails to connect to imaps after update

Michal Hocko mstsxfx at gmail.com
Mon Jun 8 20:10:25 UTC 2015 

On Mon, Jun 08, 2015 at 07:48:54PM +0200, Andreas Metzler wrote:
> On 2015-06-08 Michal Hocko <mstsxfx at gmail.com> wrote:
[...]
> > Are there any commands I can run to give you sufficient information?
> > mutt with -d 5 doesn't tell more than the error message I've already
> > provided.
> 
> As a first step you could check whether gnutls-cli can still connect
> and if not post a full log (gnutls-cli -d 4711 -p imaps <host>)

Thanks, this helps to get mutt out of the picture. The imap server
is using a self-signed certificate which I didn't have in my trusted
database, so I've added it now. This made gnutls-cli with 3.3.15-2
version of the library happy and the above command connected to the
server.

This is not the case for the updated version (3.3.15-5) of the library,
though. It complains about "Bad record MAC" like mutt (see the full
log attached - I just have scrubbed INT: hash message because I wasn't
really sure what they mean and didn't feel comfortable to reveal them
without understanding) and fails to connect.

> Please make sure your system is up-to-date sid, *partial* upgrades
> are currently broken due to the nettle transition.

I am running testing with some packages from unstable/experimental.
Which packages should I be careful about?
-- 
Michal Hocko
-------------- next part --------------
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1869
|<3>| ASSERT: common.c:1869
|<3>| ASSERT: common.c:1869
|<3>| ASSERT: common.c:1869
|<3>| ASSERT: common.c:1869
|<3>| ASSERT: common.c:1869
|<3>| ASSERT: common.c:1869
|<3>| ASSERT: common.c:1869
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1869
|<3>| ASSERT: common.c:1869
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: dn.c:994
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:994
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:994
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:994
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:994
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:994
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:994
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<5>| REC[0xb78c10]: Allocating epoch #0
|<3>| ASSERT: gnutls_constate.c:586
|<5>| REC[0xb78c10]: Allocating epoch #1
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_GCM_SHA256 (C0.2B)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_GCM_SHA384 (C0.2C)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 (C0.86)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 (C0.87)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA256 (C0.23)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1 (C0.0A)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA384 (C0.24)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 (C0.72)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 (C0.73)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_ECDSA_3DES_EDE_CBC_SHA1 (C0.08)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_ECDSA_ARCFOUR_128_SHA1 (C0.07)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA384 (C0.28)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: ECDHE_RSA_ARCFOUR_128_SHA1 (C0.11)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: RSA_AES_128_GCM_SHA256 (00.9C)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: RSA_AES_256_GCM_SHA384 (00.9D)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: RSA_CAMELLIA_128_GCM_SHA256 (C0.7A)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: RSA_CAMELLIA_256_GCM_SHA384 (C0.7B)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 (00.3C)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 (00.3D)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA256 (00.BA)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA256 (00.C0)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 (00.0A)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: RSA_ARCFOUR_128_SHA1 (00.05)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: RSA_ARCFOUR_128_MD5 (00.04)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_RSA_AES_128_GCM_SHA256 (00.9E)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_RSA_AES_256_GCM_SHA384 (00.9F)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.7C)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.7D)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 (00.33)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256 (00.67)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 (00.39)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256 (00.6B)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA256 (00.BE)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA256 (00.C4)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 (00.16)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_DSS_AES_128_GCM_SHA256 (00.A2)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_DSS_AES_256_GCM_SHA384 (00.A3)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_GCM_SHA256 (C0.80)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_GCM_SHA384 (C0.81)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 (00.32)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256 (00.40)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 (00.38)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256 (00.6A)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 (00.44)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA256 (00.BD)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 (00.87)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA256 (00.C3)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 (00.13)
|<4>| HSK[0xb78c10]: Keeping ciphersuite: DHE_DSS_ARCFOUR_128_SHA1 (00.66)
|<4>| EXT[0xb78c10]: Sending extension STATUS REQUEST (5 bytes)
|<4>| EXT[0xb78c10]: Sending extension SERVER NAME (17 bytes)
|<4>| EXT[0xb78c10]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<4>| EXT[0xb78c10]: Sending extension SESSION TICKET (0 bytes)
|<4>| EXT[0xb78c10]: Sending extension SUPPORTED ECC (12 bytes)
|<4>| EXT[0xb78c10]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
|<4>| EXT[0xb78c10]: sent signature algo (4.1) RSA-SHA256
|<4>| EXT[0xb78c10]: sent signature algo (4.2) DSA-SHA256
|<4>| EXT[0xb78c10]: sent signature algo (4.3) ECDSA-SHA256
|<4>| EXT[0xb78c10]: sent signature algo (5.1) RSA-SHA384
|<4>| EXT[0xb78c10]: sent signature algo (5.3) ECDSA-SHA384
|<4>| EXT[0xb78c10]: sent signature algo (6.1) RSA-SHA512
|<4>| EXT[0xb78c10]: sent signature algo (6.3) ECDSA-SHA512
|<4>| EXT[0xb78c10]: sent signature algo (3.1) RSA-SHA224
|<4>| EXT[0xb78c10]: sent signature algo (3.2) DSA-SHA224
|<4>| EXT[0xb78c10]: sent signature algo (3.3) ECDSA-SHA224
|<4>| EXT[0xb78c10]: sent signature algo (2.1) RSA-SHA1
|<4>| EXT[0xb78c10]: sent signature algo (2.2) DSA-SHA1
|<4>| EXT[0xb78c10]: sent signature algo (2.3) ECDSA-SHA1
|<4>| EXT[0xb78c10]: Sending extension SIGNATURE ALGORITHMS (28 bytes)
|<4>| HSK[0xb78c10]: CLIENT HELLO was queued [270 bytes]
|<11>| HWRITE: enqueued [CLIENT HELLO] 270. Total 270 bytes.
|<11>| HWRITE FLUSH: 270 bytes in buffer.
|<5>| REC[0xb78c10]: Preparing Packet Handshake(22) with length: 270 and min pad: 0
|<9>| ENC[0xb78c10]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<11>| WRITE: enqueued 275 bytes for 0x4. Total 275 bytes.
|<5>| REC[0xb78c10]: Sent Packet[1] Handshake(22) in epoch 0 and length: 275
|<11>| HWRITE: wrote 1 bytes, 0 bytes left.
|<11>| WRITE FLUSH: 275 bytes in buffer.
|<11>| WRITE: wrote 275 bytes, 0 bytes left.
|<3>| ASSERT: gnutls_buffers.c:1138
|<10>| READ: Got 5 bytes from 0x4
|<10>| READ: read 5 bytes from 0x4
|<10>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<10>| RB: Requested 5 bytes
|<5>| REC[0xb78c10]: SSL 3.1 Handshake packet received. Epoch 0, length: 57
|<5>| REC[0xb78c10]: Expected Packet Handshake(22)
|<5>| REC[0xb78c10]: Received Packet Handshake(22) with length: 57
|<10>| READ: Got 57 bytes from 0x4
|<10>| READ: read 57 bytes from 0x4
|<10>| RB: Have 5 bytes into buffer. Adding 57 bytes.
|<10>| RB: Requested 62 bytes
|<5>| REC[0xb78c10]: Decrypted Packet[0] Handshake(22) with length: 57
|<13>| BUF[REC]: Inserted 57 bytes of Data(22)
|<4>| HSK[0xb78c10]: SERVER HELLO (2) was received. Length 53[53], frag offset 0, frag length: 53, sequence: 0
|<4>| HSK[0xb78c10]: Server's version: 3.1
|<4>| HSK[0xb78c10]: SessionID length: 0
|<4>| HSK[0xb78c10]: SessionID: 00
|<4>| HSK[0xb78c10]: Selected cipher suite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<4>| HSK[0xb78c10]: Selected compression method: NULL (0)
|<4>| EXT[0xb78c10]: Parsing extension 'SERVER NAME/0' (0 bytes)
|<4>| EXT[0xb78c10]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
|<4>| EXT[0xb78c10]: Parsing extension 'SESSION TICKET/35' (0 bytes)
|<4>| HSK[0xb78c10]: Safe renegotiation succeeded
|<3>| ASSERT: gnutls_buffers.c:1138
|<10>| READ: Got 5 bytes from 0x4
|<10>| READ: read 5 bytes from 0x4
|<10>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<10>| RB: Requested 5 bytes
|<5>| REC[0xb78c10]: SSL 3.1 Handshake packet received. Epoch 0, length: 6964
|<5>| REC[0xb78c10]: Expected Packet Handshake(22)
|<5>| REC[0xb78c10]: Received Packet Handshake(22) with length: 6964
|<10>| READ: Got 2829 bytes from 0x4
|<10>| READ: Got 1448 bytes from 0x4
|<10>| READ: Got 1448 bytes from 0x4
|<10>| READ: Got 1239 bytes from 0x4
|<10>| READ: read 6964 bytes from 0x4
|<10>| RB: Have 5 bytes into buffer. Adding 6964 bytes.
|<10>| RB: Requested 6969 bytes
|<5>| REC[0xb78c10]: Decrypted Packet[1] Handshake(22) with length: 6964
|<13>| BUF[REC]: Inserted 6964 bytes of Data(22)
|<4>| HSK[0xb78c10]: CERTIFICATE (11) was received. Length 6960[6960], frag offset 0, frag length: 6960, sequence: 0
|<3>| ASSERT: dn.c:249
|<3>| ASSERT: dn.c:249
|<3>| ASSERT: extensions.c:65
|<3>| ASSERT: dn.c:249
|<3>| ASSERT: dn.c:249
|<3>| ASSERT: extensions.c:65
|<3>| ASSERT: dn.c:249
|<3>| ASSERT: dn.c:249
|<3>| ASSERT: extensions.c:65
|<3>| ASSERT: dn.c:249
|<3>| ASSERT: dn.c:249
|<3>| ASSERT: extensions.c:65
|<3>| ASSERT: status_request.c:382
|<3>| ASSERT: dn.c:994
|<3>| ASSERT: dn.c:994
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: verify.c:605
|<3>| ASSERT: verify.c:956
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:994
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: dn.c:990
|<3>| ASSERT: extensions.c:65
|<3>| ASSERT: name_constraints.c:173
|<3>| ASSERT: mpi.c:238
|<3>| ASSERT: name_constraints.c:87
|<3>| ASSERT: name_constraints.c:87
|<3>| ASSERT: name_constraints.c:830
|<9>| matching imap.suse.de with DNS constraint suse.de
|<3>| ASSERT: name_constraints.c:830
|<9>| matching imap-int.suse.de with DNS constraint suse.de
|<3>| ASSERT: name_constraints.c:830
|<9>| matching imap2-int.suse.de with DNS constraint suse.de
|<3>| ASSERT: x509_ext.c:115
|<3>| ASSERT: x509.c:1396
|<3>| ASSERT: mpi.c:238
|<3>| ASSERT: common.c:1052
|<3>| ASSERT: gnutls_buffers.c:1138
|<10>| READ: Got 5 bytes from 0x4
|<10>| READ: read 5 bytes from 0x4
|<10>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<10>| RB: Requested 5 bytes
|<5>| REC[0xb78c10]: SSL 3.1 Handshake packet received. Epoch 0, length: 781
|<5>| REC[0xb78c10]: Expected Packet Handshake(22)
|<5>| REC[0xb78c10]: Received Packet Handshake(22) with length: 781
|<10>| READ: Got 781 bytes from 0x4
|<10>| READ: read 781 bytes from 0x4
|<10>| RB: Have 5 bytes into buffer. Adding 781 bytes.
|<10>| RB: Requested 786 bytes
|<5>| REC[0xb78c10]: Decrypted Packet[2] Handshake(22) with length: 781
|<13>| BUF[REC]: Inserted 781 bytes of Data(22)
|<4>| HSK[0xb78c10]: SERVER KEY EXCHANGE (12) was received. Length 777[777], frag offset 0, frag length: 777, sequence: 0
|<3>| ASSERT: gnutls_buffers.c:1138
|<10>| READ: Got 5 bytes from 0x4
|<10>| READ: read 5 bytes from 0x4
|<10>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<10>| RB: Requested 5 bytes
|<5>| REC[0xb78c10]: SSL 3.1 Handshake packet received. Epoch 0, length: 4
|<5>| REC[0xb78c10]: Expected Packet Handshake(22)
|<5>| REC[0xb78c10]: Received Packet Handshake(22) with length: 4
|<10>| READ: Got 4 bytes from 0x4
|<10>| READ: read 4 bytes from 0x4
|<10>| RB: Have 5 bytes into buffer. Adding 4 bytes.
|<10>| RB: Requested 9 bytes
|<5>| REC[0xb78c10]: Decrypted Packet[3] Handshake(22) with length: 4
|<13>| BUF[REC]: Inserted 4 bytes of Data(22)
|<4>| HSK[0xb78c10]: SERVER HELLO DONE (14) was received. Length 0[0], frag offset 0, frag length: 1, sequence: 0
|<3>| ASSERT: gnutls_buffers.c:1129
|<3>| ASSERT: gnutls_buffers.c:1358
|<4>| HSK[0xb78c10]: CLIENT KEY EXCHANGE was queued [262 bytes]
|<11>| HWRITE: enqueued [CLIENT KEY EXCHANGE] 262. Total 262 bytes.
|<11>| HWRITE: enqueued [CHANGE CIPHER SPEC] 1. Total 263 bytes.
|<4>| REC[0xb78c10]: Sent ChangeCipherSpec
|<9>| INT: PREMASTER SECRET[256]: XXX
|<9>| INT: CLIENT RANDOM[32]: XXX
|<9>| INT: SERVER RANDOM[32]: XXX
|<9>| INT: MASTER SECRET: XXX
|<5>| REC[0xb78c10]: Initializing epoch #1
|<9>| INT: KEY BLOCK[136]: XXX
|<9>| INT: CLIENT WRITE KEY [32]: XXX
|<9>| INT: SERVER WRITE KEY [32]: XXX
|<5>| REC[0xb78c10]: Epoch #1 ready
|<4>| HSK[0xb78c10]: Cipher Suite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<4>| HSK[0xb78c10]: Initializing internal [write] cipher sessions
|<4>| HSK[0xb78c10]: recording tls-unique CB (send)
|<4>| HSK[0xb78c10]: FINISHED was queued [16 bytes]
|<11>| HWRITE: enqueued [FINISHED] 16. Total 279 bytes.
|<11>| HWRITE FLUSH: 279 bytes in buffer.
|<5>| REC[0xb78c10]: Preparing Packet Handshake(22) with length: 262 and min pad: 0
|<9>| ENC[0xb78c10]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<11>| WRITE: enqueued 267 bytes for 0x4. Total 267 bytes.
|<5>| REC[0xb78c10]: Sent Packet[2] Handshake(22) in epoch 0 and length: 267
|<11>| HWRITE: wrote 1 bytes, 17 bytes left.
|<5>| REC[0xb78c10]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
|<9>| ENC[0xb78c10]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<11>| WRITE: enqueued 6 bytes for 0x4. Total 273 bytes.
|<5>| REC[0xb78c10]: Sent Packet[3] ChangeCipherSpec(20) in epoch 0 and length: 6
|<11>| HWRITE: wrote 1 bytes, 16 bytes left.
|<5>| REC[0xb78c10]: Preparing Packet Handshake(22) with length: 16 and min pad: 0
|<9>| ENC[0xb78c10]: cipher: CAMELLIA-256-CBC, MAC: SHA1, Epoch: 1
|<11>| WRITE: enqueued 53 bytes for 0x4. Total 326 bytes.
|<5>| REC[0xb78c10]: Sent Packet[1] Handshake(22) in epoch 1 and length: 53
|<11>| HWRITE: wrote 1 bytes, 0 bytes left.
|<11>| WRITE FLUSH: 326 bytes in buffer.
|<11>| WRITE: wrote 326 bytes, 0 bytes left.
|<3>| ASSERT: gnutls_buffers.c:1138
|<10>| READ: Got 5 bytes from 0x4
|<10>| READ: read 5 bytes from 0x4
|<10>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<10>| RB: Requested 5 bytes
|<5>| REC[0xb78c10]: SSL 3.1 Alert packet received. Epoch 0, length: 2
|<5>| REC[0xb78c10]: Expected Packet Handshake(22)
|<5>| REC[0xb78c10]: Received Packet Alert(21) with length: 2
|<10>| READ: Got 2 bytes from 0x4
|<10>| READ: read 2 bytes from 0x4
|<10>| RB: Have 5 bytes into buffer. Adding 2 bytes.
|<10>| RB: Requested 7 bytes
|<5>| REC[0xb78c10]: Decrypted Packet[4] Alert(21) with length: 2
|<5>| REC[0xb78c10]: Alert[2|20] - Bad record MAC - was received
|<3>| ASSERT: gnutls_record.c:795
|<3>| ASSERT: gnutls_record.c:802
|<3>| ASSERT: gnutls_record.c:1322
|<3>| ASSERT: gnutls_buffers.c:1392
|<3>| ASSERT: gnutls_handshake.c:1428
|<3>| ASSERT: session_ticket.c:663
|<3>| ASSERT: gnutls_handshake.c:2839
*** Fatal error: A TLS fatal alert has been received.
|<5>| REC: Sending Alert[2|80] - Internal error
|<5>| REC[0xb78c10]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<9>| ENC[0xb78c10]: cipher: CAMELLIA-256-CBC, MAC: SHA1, Epoch: 1
|<11>| WRITE: enqueued 37 bytes for 0x4. Total 37 bytes.
|<11>| WRITE FLUSH: 37 bytes in buffer.
|<11>| WRITE: wrote 37 bytes, 0 bytes left.
|<5>| REC[0xb78c10]: Sent Packet[2] Alert(21) in epoch 1 and length: 37
*** Handshake has failed
GnuTLS error: A TLS fatal alert has been received.
|<5>| REC[0xb78c10]: Start of epoch cleanup
|<5>| REC[0xb78c10]: End of epoch cleanup
|<5>| REC[0xb78c10]: Epoch #0 freed
|<5>| REC[0xb78c10]: Epoch #1 freed
Processed 181 CA certificate(s).
Resolving 'imap.suse.de'...
Connecting to '195.135.220.8:993'...
- Certificate type: X.509
- Got a certificate list of 4 certificates.
- Certificate[0] info:
 - subject `C=DE,ST=Franconia,L=Nuremberg,O=SUSE Linux Products GmbH,OU=OPS Services,CN=imap.suse.de,EMAIL=rd-adm at suse.de', issuer `C=DE,ST=Franconia,L=Nuremberg,O=SUSE Linux Products GmbH,OU=OPS Services,CN=SUSE CA suse.de,EMAIL=rd-adm at suse.de', RSA key 2048 bits, signed using RSA-SHA256, activated `2014-12-03 00:00:00 UTC', expires `2017-12-02 23:59:59 UTC', SHA-1 fingerprint `3d085909c92c15637c706b2f6cf1af1f2e8cf6d9'
	Public Key ID:
		ca59d8e04c7e4a446c5c0fcec7997d9075434516
	Public key's random art:
		+--[ RSA 2048]----+
		|     o..o   .ooEB|
		|     .+o + +.. o.|
		|     .+ o * . .  |
		|     * + .   .   |
		|      * S        |
		|     o *         |
		|      =          |
		|                 |
		|                 |
		+-----------------+

- Certificate[1] info:
 - subject `C=DE,ST=Franconia,L=Nuremberg,O=SUSE Linux Products GmbH,OU=OPS Services,CN=SUSE CA suse.de,EMAIL=rd-adm at suse.de', issuer `C=DE,ST=Franconia,L=Nuremberg,O=SUSE Linux Products GmbH,OU=OPS Services,CN=SUSE CA Root,EMAIL=rd-adm at suse.de', RSA key 4096 bits, signed using RSA-SHA256, activated `2011-12-06 00:00:00 UTC', expires `2021-12-05 23:59:59 UTC', SHA-1 fingerprint `4e3b2003a94add28ad7f570d7d81522c877a9b86'
- Certificate[2] info:
 - subject `C=DE,ST=Franconia,L=Nuremberg,O=SUSE Linux Products GmbH,OU=OPS Services,CN=SUSE CA Root,EMAIL=rd-adm at suse.de', issuer `C=DE,ST=Franconia,L=Nuremberg,O=SUSE Linux Products GmbH,OU=OPS Services,CN=SUSE Trust Root,EMAIL=rd-adm at suse.de', RSA key 4096 bits, signed using RSA-SHA256, activated `2011-12-06 00:00:00 UTC', expires `2026-12-05 23:59:59 UTC', SHA-1 fingerprint `b0eabacc264d3814ff88b9651f3375f67530e4a6'
- Certificate[3] info:
 - subject `C=DE,ST=Franconia,L=Nuremberg,O=SUSE Linux Products GmbH,OU=OPS Services,CN=SUSE Trust Root,EMAIL=rd-adm at suse.de', issuer `C=DE,ST=Franconia,L=Nuremberg,O=SUSE Linux Products GmbH,OU=OPS Services,CN=SUSE Trust Root,EMAIL=rd-adm at suse.de', RSA key 4096 bits, signed using RSA-SHA256, activated `2011-12-06 00:00:00 UTC', expires `2041-12-05 23:59:59 UTC', SHA-1 fingerprint `d1311a7e8c2a04dd81c923f3410f2d752f0b7681'
- Status: The certificate is trusted. 
*** Received alert [20]: Bad record MAC

More information about the Pkg-gnutls-maint mailing list