Package: mutt
Version: 1.5.18-6
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This bug holds good for both mutt and mutt-patched.
I start with an empty certificate_file and run mutt, the session looks like
this:
OUT: -- Mutt: TLS/SSL Certificate check
OUT: (r)eject, accept (o)nce, (a)ccept always
IN: a
OUT: Certificate saved
OUT: Password for app...@mail.appaji.net:
IN: password
ALL OK
QUIT
OUT: -- Mutt: TLS/SSL Certificate check
OUT: (r)eject, accept (o)nce, (a)ccept always
IN: a
OUT: Warning: Couldn't save certificate
I poked around mutt code a bit and it looks like the failure is from here:
mutt_ssl_gnutls.c : tls_check_one_certificate
822 if ((fp = fopen (SslCertFile, "a")))
823 {
...
830 if (certerr_nottrusted)
831 {
832 done = 0;
833 ret = gnutls_pem_base64_encode_alloc ("CERTIFICATE", certdata,
834 &pemdata);
835 if (ret == 0)
836 {
837 if (fwrite (pemdata.data, pemdata.size, 1, fp) == 1)
838 {
839 done = 1;
840 }
...
846 if (!done)
847 {
848 mutt_error (_("Warning: Couldn't save certificate"));
849 mutt_sleep (2);
850 }
Turns out that certerr_nottrusted was 0 and it is set on the basis of certstat
in the same function. I don't have a log of further investigation but AFAIR,
certstat was GNUTLS_CERT_INSECURE_ALGORITHM.
Please let me know if you need more information.
Giridhar
- -- Package-specific info:
Mutt 1.5.18 (2008-05-17)
Copyright (C) 1996-2008 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.
System: Linux 2.6.29-1-686 (i686)
ncurses: ncurses 5.7.20090411 (compiled with 5.7)
libidn: 1.14 (compiled with 1.10)
hcache backend: GDBM version 1.8.3. 10/15/2002 (built Aug 27 2008 09:23:18)
Compile options:
- -DOMAIN
+DEBUG
- -HOMESPOOL +USE_SETGID +USE_DOTLOCK +DL_STANDALONE
+USE_FCNTL -USE_FLOCK
+USE_POP +USE_IMAP +USE_SMTP +USE_GSS -USE_SSL_OPENSSL +USE_SSL_GNUTLS
+USE_SASL +HAVE_GETADDRINFO
+HAVE_REGCOMP -USE_GNU_REGEX
+HAVE_COLOR +HAVE_START_COLOR +HAVE_TYPEAHEAD +HAVE_BKGDSET
+HAVE_CURS_SET +HAVE_META +HAVE_RESIZETERM
+CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME -CRYPT_BACKEND_GPGME
- -EXACT_ADDRESS -SUN_ATTACHMENT
+ENABLE_NLS -LOCALES_HACK +COMPRESSED +HAVE_WC_FUNCS +HAVE_LANGINFO_CODESET
+HAVE_LANGINFO_YESEXPR
+HAVE_ICONV -ICONV_NONTRANS +HAVE_LIBIDN +HAVE_GETSID +USE_HCACHE
- -ISPELL
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/share/mutt"
SYSCONFDIR="/etc"
EXECSHELL="/bin/sh"
MIXMASTER="mixmaster"
To contact the developers, please mail to .
To report a bug, please visit http://bugs.mutt.org/.
patch-1.5.13.cd.ifdef.2
patch-1.5.13.cd.purge_message.3.4
patch-1.5.13.nt+ab.xtitles.4
patch-1.5.18.sidebar.20080611.txt
patch-1.5.4.vk.pgp_verbose_mime
patch-1.5.6.dw.maildir-mtime.1
patch-1.5.8.hr.sensible_browser_position.3
- -- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (800, 'unstable'), (700, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.29-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages mutt depends on:
ii libc62.9-8 GNU C Library: Shared libraries
ii libcomerr2 1.41.5-1common error description library
ii libgdbm3 1.8.3-4 GNU dbm database routines (runtime
ii libgnutls26 2.6.5-1 the GNU TLS library - runtime libr
ii libidn11 1.14-3 GNU Libidn library, implementation
ii libkrb53 1.6.dfsg.4~beta1-13 Transitional library package/krb4
ii libncursesw5 5.7+20090411-1 shared libraries for terminal hand
ii libsasl2-2 2.1.22.dfsg1-23 Cyrus SASL - authentication abstra
Versions of packages mutt recommends:
ii exim4-daemon-light [mail-tran 4.69-9 lightweight Exim MTA (v4) daemon
ii locales 2.9-8 GNU C Library: National Language (
ii mime-support 3.44-1 MIME files 'mime.types' & 'mailcap
Versions of packages mutt suggests:
ii aspell 0.60.6-1 GNU Aspell spell-checker
ii ca-certificates 20081127 Common CA certificates
ii gnupg 1.4.9-4 GNU privacy guard - a free PGP rep
ii ispell 3.1.20.0-4.4 International Ispell (an interacti
pn mixmaster (no description available)
ii openssl 0.9.8g-16Secure Socket Layer (SSL) binary a
pn urlview