Bug#809842: marked as done (xchat: "certificate not trusted" error even with "Accept invalid certificate")

Sat, 30 Jan 2016 10:24:12 -0800 

Your message dated Sat, 30 Jan 2016 18:16:42 +0000
with message-id <[email protected]>
and subject line Bug#811007: Removed package(s) from unstable
has caused the Debian Bug report #809842,
regarding xchat: "certificate not trusted" error even with "Accept invalid 
certificate"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
809842: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809842
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: xchat
Version: 2.8.8-7.3
Severity: normal
Tags: patch

Dear Maintainer,

when connecting to the irc.hackint.org server, xchat gives the following error,
even when "Accept invalid SSL certificate" has been selected in the network
properties:

* Connection failed. Error: certificate not trusted.? (27)

This only happens when this is the second or later connection opened by the
running xchat process. If irc.hackint.org is the first connection, it correctly
ignores the untrusted certificate:

* * Verify E: unable to get local issuer certificate.? (20) -- Ignored

This server uses a chain of intermediate CA certificates (not a self-signed
certificate), and the root CA is not trusted by openssl on my system. Since
"Accept invalid SSL certificate" has been selected, I believe xchat should
still allow me to connect to this server.


It appears that in this case, SSL_get_verify_result() returns 27
(X509_V_ERR_CERT_UNTRUSTED), which is not one of the return values that gets
ignored by the "Accept invalid SSL certificate" option. I don't know why the
return value is different for the first connection.

The attached patch adds X509_V_ERR_CERT_UNTRUSTED to the list of return values
that are ignored when the "Accept invalid SSL certificate" is selected.

Best regards
Tomaž

-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.1+ (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages xchat depends on:
ii  libatk1.0-0          2.14.0-1
ii  libc6                2.19-18+deb8u1
ii  libcairo2            1.14.0-2.1
ii  libdbus-1-3          1.8.20-0+deb8u1
ii  libdbus-glib-1-2     0.102-1
ii  libfontconfig1       2.11.0-6.3
ii  libfreetype6         2.5.2-3+deb8u1
ii  libgdk-pixbuf2.0-0   2.31.1-2+deb8u4
ii  libglib2.0-0         2.42.1-1
ii  libgtk2.0-0          2.24.25-3
ii  libpango-1.0-0       1.36.8-3
ii  libpangocairo-1.0-0  1.36.8-3
ii  libpangoft2-1.0-0    1.36.8-3
ii  libperl5.20          5.20.2-3+deb8u1
ii  libsexy2             0.1.11-2.1
ii  libssl1.0.0          1.0.1k-3+deb8u2
ii  libx11-6             2:1.6.2-3
ii  xchat-common         2.8.8-7.3

Versions of packages xchat recommends:
ii  alsa-utils     1.0.28-1
ii  libnotify-bin  0.7.6-2
ii  libnotify4     0.7.6-2
ii  libpython2.7   2.7.9-2
ii  libtcl8.6      8.6.2+dfsg-2
ii  xdg-utils      1.1.0~rc1+git20111210-7.4
ii  zlib1g         1:1.2.8.dfsg-2+b1

xchat suggests no packages.

-- no debconf information

Index: xchat-2.8.8/src/common/server.c
===================================================================
--- xchat-2.8.8.orig/src/common/server.c	2015-12-28 19:51:11.018589143 +0100
+++ xchat-2.8.8/src/common/server.c	2015-12-28 19:51:56.541337114 +0100
@@ -722,6 +722,7 @@
 		case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
 		case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
 		case X509_V_ERR_CERT_HAS_EXPIRED:
+		case X509_V_ERR_CERT_UNTRUSTED:
 			if (serv->accept_invalid_cert)
 			{
 				snprintf (buf, sizeof (buf), "* Verify E: %s.? (%d) -- Ignored",

--- End Message ---
--- Begin Message --- 
Version: 2.8.8-7.3+rm

Dear submitter,

as the package xchat has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/811007

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---

Reply via email to