[Pkg-telepathy-maintainers] Bug#639667: telepathy-gabble: Claims my server's certificate is self-signed

Sam Morris sam at robots.org.uk
Mon Aug 29 09:17:51 UTC 2011 

Package: telepathy-gabble
Version: 0.13.5-1
Severity: normal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

When connecting to the server for robots.org.uk, Empathy claims that the
CA certificate that signed the server's SSL certificate is self-signed.
However, it has correctly been installed into the
/etc/ssl/certificates/ca-certificates file, and should therefore be
trusted.

The example uses SMTP because I know how to speak it; both services use
a certificate signed by the same CA certificate.

$ gnutls-cli -p 25 crypt.ethx.net --starttls --x509cafile /etc/ssl/certs/ca-certificates.crt 
Processed 159 CA certificate(s).
Resolving 'crypt.ethx.net'...
Connecting to '82.165.27.140:25'...

- - Simple Client Mode:

220 crypt.ethx.net ESMTP Exim 4.72 Mon, 29 Aug 2011 10:12:12 +0100
ehlo sam
250-crypt.ethx.net Hello host-92-21-148-90.as13285.net [92.21.148.90]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-STARTTLS
250 HELP
starttls
220 TLS go ahead
*** Starting TLS handshake
- - Ephemeral Diffie-Hellman parameters
 - Using prime: 2048 bits
 - Secret key: 2045 bits
 - Peer's public key: 2044 bits
- - Certificate type: X.509
 - Got a certificate list of 1 certificates.
 - Certificate[0] info:
  - subject `CN=crypt.ethx.net', issuer `C=GB,O=robots.org.uk,OU=robots.org.uk certificate authority,CN=robots.org.uk certificate authority', RSA key 2048 bits, signed using RSA-SHA1, activated `2010-10-30 14:22:44 UTC', expires `2015-10-29 14:22:44 UTC', SHA-1 fingerprint `712f30a8c82e6a714dd4fc7166c6d9d0b1fcfedf'
- - The hostname in the certificate matches 'crypt.ethx.net'.
- - Peer's certificate is trusted
- - Version: TLS1.0
- - Key Exchange: DHE-RSA
- - Cipher: AES-128-CBC
- - MAC: SHA1
- - Compression: NULL

I have only received this notification since upgrading from squeeze; I'm
not sure if that was because the warning was ignored before, or because
gabble no longer trusts the certificates in
/etc/SSL/certs/ca-certificates.crt.

- -- System Information:
Debian Release: wheezy/sid
  APT prefers stable-updates
  APT policy: (550, 'stable-updates'), (550, 'stable'), (540, 'testing'), (530, 'unstable'), (520, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages telepathy-gabble depends on:
ii  libc6              2.13-16               Embedded GNU C Library: Shared lib
ii  libdbus-1-3        1.4.14-1              simple interprocess messaging syst
ii  libdbus-glib-1-2   0.88-2.1              simple interprocess messaging syst
ii  libglib2.0-0       2.28.6-1              The GLib library of C routines
ii  libgnutls26        2.12.7-7              GNU TLS library - runtime library
ii  libnice10          0.1.0-2               ICE library (shared library)
ii  libsoup2.4-1       2.34.3-1              HTTP library implementation in C -
ii  libsqlite3-0       3.7.7-2               SQLite 3 shared library
ii  libtelepathy-glib0 0.15.5-1              Telepathy framework - GLib library
ii  libxml2            2.7.8.dfsg-2+squeeze1 GNOME XML library

telepathy-gabble recommends no packages.

telepathy-gabble suggests no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk5bWTkACgkQshl/216gEHjTBQCeOkTcdla24PfprO8GuBA8HlE/
exEAni1JojlqRUTJ+y+kQ3kVHhGhlkg9
=IKzB
-----END PGP SIGNATURE-----

More information about the Pkg-telepathy-maintainers mailing list