Your message dated Fri, 23 Jun 2006 07:17:50 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Bug#297174: Can't reproduce anymore?
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: exim4-daemon-heavy
Version: 4.44-2
Severity: important
Our exim4 installation is configured to advertise SMTP AUTH only after
STARTTLS. The relevant part of exim4.conf.template looks like this:

  log_selector = +tls_cipher +tls_peerdn
  tls_advertise_hosts = *
  tls_certificate = CONFDIR/ssl/server.crt
  tls_privatekey = CONFDIR/ssl/server.key

The certificate is signed by a self-created and self-signed CA.
If I now try to connect/authenticate with a MUA like Thunderbird I get
an error on every second connection attempt. The corresponding log
entries look like this:

  2005-02-27 18:26:42 TLS error on connection from
  dialin-212-144-131-181.arcor-ip.net [212.144.131.181]
  (gnutls_handshake): A TLS fatal alert has been received.

and Thunderbird displays an error message saying: server has sent an
incorrect or unexpected message. Error Code: -12244.
It doesn't matter if I import the CA certificate or accept the server
certificate.
Other MUAs behave slightly differently. E.g. Opera Mail succeeds only on
the first sent message and fails on every subsequent connection attempt,
kmail seems to work properly.
As a workaround I recompiled exim4 and linked it against libgnutls10 and
the errors were gone.
So the question is:
* Is it a misconfiguration of exim4 (unlikely as it works with libgnutls10)?
* Is it a bug in exim4?
* Is it a bug in libgnutls11 or is libgnutls11 just stricter and more
picky during the tls handshake?
* Are the MUAs buggy?
What can I do to solve this problem? Linking against the old gnutls lib
doesn't seem to be a good solution for me.
If you think this is a bug in libgnutls11 feel free to reassign the bug.
Cheers,
Michael
--
------------------------------------------------------------
E-Mail: [EMAIL PROTECTED]
WWW: http://www.teco.edu/
TecO (Telecooperation Office) Vincenz-Priessnitz-Str.1
University of Karlsruhe 76131 Karlsruhe, Germany
------------------------------------------------------------
--- End Message ---
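
For triaging handshake failures like the one quoted in the report above, the following added example (not part of the original messages and not Exim project code) tallies "TLS error on connection" main-log lines per client address and failing TLS call. The sample log lines, host names and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Matches the main-log line format quoted in the bug report:
#   <date> <time> TLS error on connection from <host> [<ip>] (<call>): <message>
# Assumption: the host part may be empty when no name is logged.
TLS_ERROR_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"TLS error on connection from "
    r"(?P<host>.*?)\s*\[(?P<ip>[^\]]+)\] "
    r"\((?P<call>[^)]+)\): (?P<msg>.*)$"
)

# Constructed sample input (documentation address ranges, example host names).
SAMPLE_LOG = """\
2005-02-27 18:26:42 TLS error on connection from client1.example.net [192.0.2.10] (gnutls_handshake): A TLS fatal alert has been received.
2005-02-27 18:27:40 Start queue run: pid=4242
2005-02-27 18:28:05 TLS error on connection from client1.example.net [192.0.2.10] (gnutls_handshake): A TLS fatal alert has been received.
2005-02-27 18:31:17 TLS error on connection from [198.51.100.7] (gnutls_handshake): A TLS fatal alert has been received.
"""

def parse_tls_errors(lines):
    """Yield one dict per TLS error line; all other log lines are skipped."""
    for line in lines:
        m = TLS_ERROR_RE.match(line.strip())
        if m:
            yield m.groupdict()

def summarize(lines):
    """Count TLS errors per (client ip, failing TLS call, error message)."""
    counts = Counter()
    for entry in parse_tls_errors(lines):
        counts[(entry["ip"], entry["call"], entry["msg"])] += 1
    return counts

def repeat_failures(lines, threshold=2):
    """Return sorted client IPs with at least `threshold` TLS errors."""
    per_ip = Counter(entry["ip"] for entry in parse_tls_errors(lines))
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)

if __name__ == "__main__":
    for (ip, call, msg), n in summarize(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:3d}  {ip:15s}  {call}: {msg}")
    print("repeat failures:", repeat_failures(SAMPLE_LOG.splitlines()))
```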
--- Begin Message ---
Version: 4.62-1
On Fri, Jun 23, 2006 at 05:39:38AM +0200, Michael Biebl wrote:
> As promised, I checked if exim4 in etch/unstable is still affected by
> this problem. If I run the identical setup which triggered the bug on a
> stable system on a current etch/unstable system, everything is working
> fine.
> ATM, libldap2 on etch is linked against libgnutls12, exim4 against
> libgnutls13.
> On unstable both are compiled against libgnutls13.
> So it seems that libgnutls11 is the culprit and the bug can be closed
> safely.
Thank you very much for your efforts. I really appreciate that.
> You could also tag it "sarge" and close it when etch is released but I'm
> not sure if this is still the recommended way to indicate that it is a
> bug affecting the sarge version.
I am going to mark this bug as "fixed in 4.62-1" which is the current
version in etch and unstable. Thus, the bug will still show up when
querying for bugs against sarge, and will be hidden when querying for
bugs against etch and sid.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
--- End Message ---