Package: fetchmail Version: 6.3.9~rc2-4 Severity: normal When using fetchmail with a server certificate signed using sha256WithRSAEncryption algorithm, fetchmail fails.
fetchmail -v reports fetchmail: Server certificate verification error: certificate signature failure 4778:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm:a_verify.c:141: 4778:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:951: fetchmail: SSL connection failed. SHA256 is now the recommended algorithm for signatures by french DCSSI (the IT security body). MPD5 is broken, and SHA1 has shown problems. Moreover, openssl itself knows the algorithm since a openssl s_client works on the same server. -- System Information: Debian Release: 5.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages fetchmail depends on: ii adduser 3.110 add and remove users and groups ii debianutils 2.30 Miscellaneous utilities specific t ii libc6 2.7-18 GNU C Library: Shared libraries ii libcomerr2 1.41.3-1 common error description library ii libkrb53 1.6.dfsg.4~beta1-5 MIT Kerberos runtime libraries ii libssl0.9.8 0.9.8g-15 SSL shared libraries ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip Versions of packages fetchmail recommends: ii ca-certificates 20080809 Common CA certificates Versions of packages fetchmail suggests: pn fetchmailconf <none> (no description available) ii postfix [mail-transport-agent 2.5.5-1.1 High-performance mail transport ag ii resolvconf 1.42 name server information handler -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

