Bug#527190: mutt: prompts for certificate despite (a)ccept always and saving it

2009-05-29 Thread Robin Lee Powell 
Antonio Radici:  I love you, and want to have your children.[1]

Yes, this would mean I have verified that your patch solves the
problem.  My work day is saved!  \o/

-Robin

[1]: Knowing that I'm male makes that funnier.

-- 
They say:  "The first AIs will be built by the military as weapons."
And I'm  thinking:  "Does it even occur to you to try for something
other  than  the default  outcome?"  See http://shrunklink.com/cdiz
http://www.digitalkingdom.org/~rlpowell/ *** http://www.lojban.org/



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#527190: mutt: prompts for certificate despite (a)ccept always and saving it

2009-05-05 Thread Y Giridhar Appaji Nag 
Package: mutt
Version: 1.5.18-6
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

This bug holds good for both mutt and mutt-patched.

I start with an empty certificate_file and run mutt, the session looks like
this:

  OUT: -- Mutt: TLS/SSL Certificate check
  OUT: (r)eject, accept (o)nce, (a)ccept always
  
  IN: a
  
  OUT: Certificate saved
  OUT: Password for app...@mail.appaji.net:
  
  IN: password
  
  ALL OK
  
  QUIT
  
  OUT: -- Mutt: TLS/SSL Certificate check
  OUT: (r)eject, accept (o)nce, (a)ccept always
  
  IN: a
  
  OUT: Warning: Couldn't save certificate

I poked around mutt code a bit and it looks like the failure is from here:

mutt_ssl_gnutls.c : tls_check_one_certificate

822 if ((fp = fopen (SslCertFile, "a")))
823 {
...
830   if (certerr_nottrusted)
831   {
832 done = 0;
833 ret = gnutls_pem_base64_encode_alloc ("CERTIFICATE", certdata,
834   &pemdata);
835 if (ret == 0)
836 {
837   if (fwrite (pemdata.data, pemdata.size, 1, fp) == 1)
838   {
839 done = 1;
840   }
...
846 if (!done)
847 {
848   mutt_error (_("Warning: Couldn't save certificate"));
849   mutt_sleep (2);
850 }

Turns out that certerr_nottrusted was 0 and it is set on the basis of certstat
in the same function.  I don't have a log of further investigation but AFAIR,
certstat was GNUTLS_CERT_INSECURE_ALGORITHM.

Please let me know if you need more information.

Giridhar

- -- Package-specific info:
Mutt 1.5.18 (2008-05-17)
Copyright (C) 1996-2008 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.

System: Linux 2.6.29-1-686 (i686)
ncurses: ncurses 5.7.20090411 (compiled with 5.7)
libidn: 1.14 (compiled with 1.10)
hcache backend: GDBM version 1.8.3. 10/15/2002 (built Aug 27 2008 09:23:18)
Compile options:
- -DOMAIN
+DEBUG
- -HOMESPOOL  +USE_SETGID  +USE_DOTLOCK  +DL_STANDALONE  
+USE_FCNTL  -USE_FLOCK   
+USE_POP  +USE_IMAP  +USE_SMTP  +USE_GSS  -USE_SSL_OPENSSL  +USE_SSL_GNUTLS  
+USE_SASL  +HAVE_GETADDRINFO  
+HAVE_REGCOMP  -USE_GNU_REGEX  
+HAVE_COLOR  +HAVE_START_COLOR  +HAVE_TYPEAHEAD  +HAVE_BKGDSET  
+HAVE_CURS_SET  +HAVE_META  +HAVE_RESIZETERM  
+CRYPT_BACKEND_CLASSIC_PGP  +CRYPT_BACKEND_CLASSIC_SMIME  -CRYPT_BACKEND_GPGME  
- -EXACT_ADDRESS  -SUN_ATTACHMENT  
+ENABLE_NLS  -LOCALES_HACK  +COMPRESSED  +HAVE_WC_FUNCS  +HAVE_LANGINFO_CODESET 
 +HAVE_LANGINFO_YESEXPR  
+HAVE_ICONV  -ICONV_NONTRANS  +HAVE_LIBIDN  +HAVE_GETSID  +USE_HCACHE  
- -ISPELL
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/share/mutt"
SYSCONFDIR="/etc"
EXECSHELL="/bin/sh"
MIXMASTER="mixmaster"
To contact the developers, please mail to .
To report a bug, please visit http://bugs.mutt.org/.

patch-1.5.13.cd.ifdef.2
patch-1.5.13.cd.purge_message.3.4
patch-1.5.13.nt+ab.xtitles.4
patch-1.5.18.sidebar.20080611.txt
patch-1.5.4.vk.pgp_verbose_mime
patch-1.5.6.dw.maildir-mtime.1
patch-1.5.8.hr.sensible_browser_position.3

- -- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (800, 'unstable'), (700, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.29-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mutt depends on:
ii  libc62.9-8   GNU C Library: Shared libraries
ii  libcomerr2   1.41.5-1common error description library
ii  libgdbm3 1.8.3-4 GNU dbm database routines (runtime
ii  libgnutls26  2.6.5-1 the GNU TLS library - runtime libr
ii  libidn11 1.14-3  GNU Libidn library, implementation
ii  libkrb53 1.6.dfsg.4~beta1-13 Transitional library package/krb4 
ii  libncursesw5 5.7+20090411-1  shared libraries for terminal hand
ii  libsasl2-2   2.1.22.dfsg1-23 Cyrus SASL - authentication abstra

Versions of packages mutt recommends:
ii  exim4-daemon-light [mail-tran 4.69-9 lightweight Exim MTA (v4) daemon
ii  locales   2.9-8  GNU C Library: National Language (
ii  mime-support  3.44-1 MIME files 'mime.types' & 'mailcap

Versions of packages mutt suggests:
ii  aspell  0.60.6-1 GNU Aspell spell-checker
ii  ca-certificates 20081127 Common CA certificates
ii  gnupg   1.4.9-4  GNU privacy guard - a free PGP rep
ii  ispell  3.1.20.0-4.4 International Ispell (an interacti
pn  mixmaster  (no description available)
ii  openssl 0.9.8g-16Secure Socket Layer (SSL) binary a
pn  urlview