Your message dated Tue, 19 Aug 2025 09:09:14 -0700
with message-id <3047078.TLnPLrj5Ze@soren-desktop>
and subject line Re: Bug#278993: courier-imap-ssl: ssl certificate is always
created with same serial number -- mozilla complains
has caused the Debian Bug report #278993,
regarding courier-imap-ssl: ssl certificate is always created with same serial
number -- mozilla complains
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
278993: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278993
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: courier-imap-ssl
Version: 3.0.8-3
Severity: normal
In /usr/sbin/mkimapdcert ,
req is called without the -set_serial flag, so the certificate serial
number is always zero. This can cause problems when the certificate
expires, because mozilla will complain that it has two different
certificates from the same CA that have the same serial number.
Mozilla will then refuse to connect to courier.
A CA is not supposed to make two certificates with the same serial number,
otherwise things like CRLs won't work.
So, I'd suggest using the time as the serial number (as a quick fix):
req -set_serial $(date +%s) ...
Perhaps something better can be managed, but that will fix all but
the strangest cases of use.
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-1-686
Locale: LANG=C, LC_CTYPE=C
Versions of packages courier-imap-ssl depends on:
ii courier-imap 3.0.8-3 Courier Mail Server - IMAP server
ii courier-ssl 0.47-3 Courier Mail Server - SSL/TLS Supp
ii openssl 0.9.7d-5 Secure Socket Layer (SSL) binary a
-- no debconf information
--- End Message ---
--- Begin Message ---
On Monday, August 18, 2025 7:08:35 PM Mountain Standard Time G Kochanski
wrote:
> I'm sorry. It's been somewhere between 10 and 20 years, and I don't
> remember the bug, and don't use courier any more.
Thank you for your quick response. I will close the bug report. If anyone
else is experiencing this issue, please feel free to reopen it.
--
Soren Stoutner
[email protected]
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
