Your message dated Thu, 23 Apr 2009 16:25:52 +0200
with message-id <[email protected]>
and subject line Re: Bug#513462: ssl support in fetchmail does not supporrt
SHA256
has caused the Debian Bug report #513462,
regarding ssl support in fetchmail does not supporrt SHA256
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
513462: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513462
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: fetchmail
Version: 6.3.9~rc2-4
Severity: normal
When using fetchmail with a server certificate signed using
sha256WithRSAEncryption algorithm, fetchmail fails.
fetchmail -v reports
fetchmail: Server certificate verification error: certificate signature failure
4778:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message
digest algorithm:a_verify.c:141:
4778:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed:s3_clnt.c:951:
fetchmail: SSL connection failed.
SHA256 is now the recommended algorithm for signatures by french DCSSI
(the IT security body). MPD5 is broken, and SHA1 has shown problems.
Moreover, openssl itself knows the algorithm since a
openssl s_client works on the same server.
-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages fetchmail depends on:
ii adduser 3.110 add and remove users and groups
ii debianutils 2.30 Miscellaneous utilities specific t
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libcomerr2 1.41.3-1 common error description library
ii libkrb53 1.6.dfsg.4~beta1-5 MIT Kerberos runtime libraries
ii libssl0.9.8 0.9.8g-15 SSL shared libraries
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
Versions of packages fetchmail recommends:
ii ca-certificates 20080809 Common CA certificates
Versions of packages fetchmail suggests:
pn fetchmailconf <none> (no description available)
ii postfix [mail-transport-agent 2.5.5-1.1 High-performance mail transport ag
ii resolvconf 1.42 name server information handler
-- no debconf information
--- End Message ---
--- Begin Message ---
Not a fetchmail bug: fetchmail does not select/limit message digest
algorithms.
--- End Message ---
