Your message dated Sat, 12 Aug 2023 13:50:43 +0000
with message-id <[email protected]>
and subject line Bug#1043233: fixed in exim4 4.96-19
has caused the Debian Bug report #1043233,
regarding exim4-base: On-connect auto-generated self-signed certificates have 
expired end date
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1043233: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043233
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: exim4-base
Version: 4.96-15+deb12u1
Severity: normal

Hello,

When using built-in on-connect auto-generated self-signed certificates (i.e., 
not installing "real" SSL/TLS certificates), the ones that are auto-generated 
appear to have a date in the past (1970-01-01 02:00:00 UTC) as their end date:

glimmer:~$ gnutls-cli --starttls-proto=smtp 127.0.0.1
Processed 140 CA certificate(s).
Resolving '127.0.0.1:smtp'...
Connecting to '127.0.0.1:25'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
 - subject `CN=glimmer.localdomain,O=Exim Developers,C=UK', issuer `CN=glimmer.localdomain,O=Exim Developers,C=UK', serial 0x0100000000000000, RSA key 3072 bits, signed using RSA-SHA256, activated `2023-08-07 17:40:16 UTC', expires `1970-01-01 02:00:00 UTC', pin-sha256="40P5jkI8FD97/oh+CYdi4BJH1nfhpfk0BFH/25j3yK4="
        Public Key ID:
                sha1:179da7ef14d6fdcea2d6894405c3531976f5b4df
                sha256:e343f98e423c143f7bfe887e098762e01247d677e1a5f9340451ffdb98f7c8ae
        Public Key PIN:
                pin-sha256:40P5jkI8FD97/oh+CYdi4BJH1nfhpfk0BFH/25j3yK4=

- Status: The certificate is NOT trusted. The certificate issuer is unknown. The certificate chain uses expired certificate. The name in the certificate does not match the expected.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.

glimmer:~$ openssl s_client -starttls smtp -connect 127.0.0.1:25 -showcerts < /dev/null
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = UK, O = Exim Developers, CN = glimmer.localdomain
verify error:num=18:self-signed certificate
verify return:1
depth=0 C = UK, O = Exim Developers, CN = glimmer.localdomain
verify error:num=10:certificate has expired
notAfter=Jan  1 02:00:00 1970 GMT
verify return:1
depth=0 C = UK, O = Exim Developers, CN = glimmer.localdomain
notAfter=Jan  1 02:00:00 1970 GMT
verify return:1
---
Certificate chain
 0 s:C = UK, O = Exim Developers, CN = glimmer.localdomain
   i:C = UK, O = Exim Developers, CN = glimmer.localdomain
   a:PKEY: rsaEncryption, 3072 (bit); sigalg: RSA-SHA256
   v:NotBefore: Aug  7 17:40:16 2023 GMT; NotAfter: Jan  1 02:00:00 1970 GMT
---
Server certificate
subject=C = UK, O = Exim Developers, CN = glimmer.localdomain
issuer=C = UK, O = Exim Developers, CN = glimmer.localdomain
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1992 bytes and written 410 bytes
Verification error: certificate has expired
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 3072 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 10 (certificate has expired)
---
250 HELP
DONE

I would have expected the auto-generated certificates to have at least some 
limited validity period.

Best regards
Björn


-- Package-specific info:
Exim version 4.96 #2 built 02-Jul-2023 12:56:17
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2022
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 GnuTLS TLS_resume move_frozen_messages DANE 
DKIM DNSSEC Event I18N OCSP PIPECONNECT PRDR Queue_Ramp SOCKS SRS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz 
dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 external plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file search path is /etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='local'
dc_other_hostnames='glimmer;localhost.localdomain'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='true'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:glimmer.localdomain
# /etc/default/exim4
EX4DEF_VERSION=''

# 'combined' -   one daemon running queue and listening on SMTP port
# 'no'       -   no daemon running the queue
# 'separate' -   two separate daemons
# 'ppp'      -   only run queue with /etc/ppp/ip-up.d/exim4.
# 'nodaemon' - no daemon is started at all.
# 'queueonly' - only a queue running daemon is started, no SMTP listener.
# setting this to 'no' will also disable queueruns from /etc/ppp/ip-up.d/exim4
QUEUERUNNER='combined'
# how often should we run the queue
QUEUEINTERVAL='30m'
# options common to quez-runner and listening daemon
COMMONOPTIONS=''
# more options for the daemon/process running the queue (applies to the one
# started in /etc/ppp/ip-up.d/exim4, too.
QUEUERUNNEROPTIONS=''
# special flags given to exim directly after the -q. See exim(8)
QFLAGS=''
# Options for the SMTP listener daemon. By default, it is listening on
# port 25 only. To listen on more ports, it is recommended to use
# -oX 25:587:10025 -oP /run/exim4/exim.pid
SMTPLISTENEROPTIONS=''

-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-10-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages exim4-base depends on:
ii  adduser                        3.134
ii  cron [cron-daemon]             3.0pl1-162
ii  debconf [debconf-2.0]          1.5.82
ii  exim4-config [exim4-config-2]  4.96-15+deb12u1
ii  libc6                          2.36-9+deb12u1
ii  libdb5.3                       5.3.28+dfsg2-1
ii  netbase                        6.4
ii  systemd-sysv                   252.12-1~deb12u1

Versions of packages exim4-base recommends:
ii  mailutils [mailx]  1:3.15-4
ii  psmisc             23.6-1

Versions of packages exim4-base suggests:
ii  emacs-nox [mail-reader]          1:28.2+1-15
pn  exim4-doc-html | exim4-doc-info  <none>
pn  eximon4                          <none>
ii  file                             1:5.44-3
ii  gnutls-bin                       3.7.9-2
ii  mailutils [mail-reader]          1:3.15-4
ii  openssl                          3.0.9-1
pn  spf-tools-perl                   <none>
pn  swaks                            <none>

-- debconf information:
  exim4-base/drec:
  exim4/purge_spool: false

--- End Message ---
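
Added example, not part of the original report or of Exim's code: a small checker that reads the `v:NotBefore ...; NotAfter ...` line from `openssl s_client -showcerts` output and flags a validity window whose end precedes its start, which identifies a certificate-generation fault regardless of the local clock. The function names, the healthy sample line and the fixed evaluation time are assumptions made for the example.

```python
import re
from datetime import datetime, timezone

# Validity line as printed by `openssl s_client -showcerts` (OpenSSL 3.x),
# e.g. "v:NotBefore: Aug  7 17:40:16 2023 GMT; NotAfter: Jan  1 02:00:00 1970 GMT"
VALIDITY_RE = re.compile(r"v:NotBefore: (.+?) GMT; NotAfter: (.+?) GMT")


def _parse(ts):
    # OpenSSL pads single-digit days with a space ("Aug  7"); collapse it first.
    ts = " ".join(ts.split())
    return datetime.strptime(ts, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)


def validity_windows(s_client_output):
    """Return (not_before, not_after) for every certificate in the output."""
    return [(_parse(nb), _parse(na))
            for nb, na in VALIDITY_RE.findall(s_client_output)]


def findings(not_before, not_after, now):
    """Classify one validity window; an empty list means it is usable at `now`."""
    out = []
    if not_after <= not_before:
        out.append("inverted-window")   # generator bug: end is not after start
    if now > not_after:
        out.append("expired")
    if now < not_before:
        out.append("not-yet-valid")
    return out


# Line taken from the s_client output in the report above.
REPORTED = "   v:NotBefore: Aug  7 17:40:16 2023 GMT; NotAfter: Jan  1 02:00:00 1970 GMT"
# Constructed sample: the same start time with a short but sane lifetime.
HEALTHY = "   v:NotBefore: Aug  7 17:40:16 2023 GMT; NotAfter: Aug  7 19:40:16 2023 GMT"
# Constructed evaluation time, fixed so the result is reproducible.
NOW = datetime(2023, 8, 7, 18, 0, 0, tzinfo=timezone.utc)


def audit(output, now=NOW):
    """Return the list of findings for each certificate found in `output`."""
    return [findings(nb, na, now) for nb, na in validity_windows(output)]


if __name__ == "__main__":
    for name, sample in (("reported", REPORTED), ("healthy", HEALTHY)):
        print(name, audit(sample))
```
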
--- Begin Message ---
Source: exim4
Source-Version: 4.96-19
Done: Andreas Metzler <[email protected]>

We believe that the bug you reported is fixed in the latest version of
exim4, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated exim4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 12 Aug 2023 14:57:51 +0200
Source: exim4
Architecture: source
Version: 4.96-19
Distribution: unstable
Urgency: medium
Maintainer: Exim4 Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 1043233
Changes:
 exim4 (4.96-19) unstable; urgency=medium
 .
   * 77_fix_autogencert_expiry.diff: Fix on-demand TLS cert expiry date.
     Closes: #1043233
Checksums-Sha1: 
 e2fac56a1b2f7cff8ce83904eb53cd5fbcf8baba 2891 exim4_4.96-19.dsc
 f479eb45de8dd0ad1f46eb6beed294c9dd10d02e 494836 exim4_4.96-19.debian.tar.xz
Checksums-Sha256: 
 945074c2d2504602df92bc67accefc074c15fd9378409afef00016b57de3b31e 2891 exim4_4.96-19.dsc
 98da8fe48936c72c10846ea2e7f4d019def5bf24543f5e162b9765408411784c 494836 exim4_4.96-19.debian.tar.xz
Files: 
 62d9b470f89af2f0808ad50676ac1e9b 2891 mail standard exim4_4.96-19.dsc
 fe535f268a8e91357bd990703dbe7650 494836 mail standard exim4_4.96-19.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
