Bug#636446: marked as done (Fails to verify TLS certificate: SSL3_GET_SERVER_CERTIFICATE:certificate verify failed)

Fri, 25 May 2012 13:57:18 -0700 

Your message dated Fri, 25 May 2012 22:52:14 +0200
with message-id <1337979134.4951.0.camel@kirk>
and subject line Re: Bug#636446: Fails to verify TLS certificate: 
SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
has caused the Debian Bug report #636446,
regarding Fails to verify TLS certificate: 
SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
636446: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=636446
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: sieve-connect
Version: 0.81-1
Severity: normal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

when trying to connect to my dovecot based sieve server at
mail.nomeata.de, I get this error message:

STARTTLS promotion failed: SSL connect attempt failed with unknown
errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed

The full log with use IO::Socket::SSL qw/debug3/ enabled is:

connection: trying <[mail.nomeata.de]:sieve(4190)>
connection: remote host address is [78.47.178.158] port [4190]
<<< "IMPLEMENTATION" "dovecot"\r\n
<<< "SIEVE" "fileinto reject envelope encoded-character vacation subaddress 
comparator-i;ascii-numeric relational regex imap4flags copy include variables 
body enotify environment mailbox date"\r\n
<<< "SASL" "PLAIN LOGIN"\r\n
<<< "STARTTLS"\r\n
<<< "NOTIFY" "mailto"\r\n
<<< "VERSION" "1.0"\r\n
<<< OK "Dovecot ready."
>>> STARTTLS\r\n
<<< OK "Begin TLS negotiation now."\r\n
DEBUG: .../IO/Socket/SSL.pm:1481: new ctx 31232288
DEBUG: .../IO/Socket/SSL.pm:945: start handshake
DEBUG: .../IO/Socket/SSL.pm:349: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:392: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:1212: SSL connect attempt failed with unknown 
errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify 
failed

DEBUG: .../IO/Socket/SSL.pm:398: fatal SSL error: SSL connect attempt failed 
with unknown errorerror:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
DEBUG: .../IO/Socket/SSL.pm:1518: free ctx 31232288 open=31232288
DEBUG: .../IO/Socket/SSL.pm:1526: OK free ctx 31232288
STARTTLS promotion failed: SSL connect attempt failed with unknown 
errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify 
failed


With --notslverify it works. The certificate is signed by CAcert, which
is included in my /etc/ssl/certs directory.

With best regards,
Joachim


- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages sieve-connect depends on:
ii  libauthen-sasl-perl           2.1500-1   Authen::SASL - SASL Authentication
ii  libio-socket-inet6-perl       2.65-1.1   Object interface for AF_INET6 doma
ii  libio-socket-ssl-perl         1.43-1     Perl module implementing object or
ii  libterm-readkey-perl          2.30-4+b1  A perl module for simple terminal 
ii  perl [libmime-base64-perl]    5.12.4-1   Larry Wall's Practical Extraction 
ii  perl-modules                  5.12.4-1   Core Perl modules

sieve-connect recommends no packages.

sieve-connect suggests no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk44+jYACgkQ9ijrk0dDIGzP7wCcDdVculzF3JSAd/OqIvRxGRa1
LcEAoIQyR1W76lPQ5REW9IsjqG7C3X6y
=puJX
-----END PGP SIGNATURE-----

--- End Message ---
--- Begin Message --- 
Version: 0.83-1

Am Donnerstag, den 24.05.2012, 21:27 -0700 schrieb Andrew Pollock:
> On Wed, Aug 03, 2011 at 09:35:18AM +0200, Joachim Breitner wrote:
> > Package: sieve-connect
> > Version: 0.81-1
> > Severity: normal
> > 
> 
> [snip]
> 
> Would you mind trying with 0.83-1, which I've just uploaded to unstable?

looks good, thanks,
Joachim
-- 
Joachim "nomeata" Breitner
Debian Developer
  [email protected] | ICQ# 74513189 | GPG-Keyid: 4743206C
  JID: [email protected] | http://people.debian.org/~nomeata

Attachment: signature.asc
Description: This is a digitally signed message part


--- End Message ---

Reply via email to