[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#902716: Acknowledgement (reportbug.debian.org has invalid certificate)

Hey Don,

> $  openssl s_client  --starttls smtp -connect reportbug.debian.org:587
> CONNECTED(00000003)
> depth=0 C = NA, ST = NA, L = Ankh Morpork, O = Debian SMTP, OU = Debian SMTP CA, CN = buxtehude.debian.org, emailAddress = hostmaster@buxtehude.debian.org
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 C = NA, ST = NA, L = Ankh Morpork, O = Debian SMTP, OU = Debian SMTP CA, CN = buxtehude.debian.org, emailAddress = hostmaster@buxtehude.debian.org
> verify error:num=21:unable to verify the first certificate
> verify return:1

so it looks like it's a self-issued local certificate? reportbug.d.o
advertises STARTTLS in its options

morph@zion:~/deb/reportbug$ telnet reportbug.debian.org 587
Trying 2607:f8f0:614:1::1274:39...
Connected to buxtehude.debian.org.
Escape character is '^]'.
he220 buxtehude.debian.org ESMTP Exim 4.89 Tue, 03 Jul 2018 01:12:00 +0000
ehlo sandrotosi.me
250-buxtehude.debian.org Hello sandrotosi.me
[2604:2000:e902:f100:a2d0:6b79:bba:e2b5]
250-SIZE 104857600
250-8BITMIME
250-STARTTLS
250 HELP

but i'm not sure how it could work if the client cant verify the certs chain.

-- 
Sandro "morph" Tosi
My website: http://sandrotosi.me/
Me at Debian: http://wiki.debian.org/SandroTosi
G+: https://plus.google.com/u/0/+SandroTosi
Reply to: