[pkg-fetchmail-maint] Bug#513462: ssl support in fetchmail does not supporrt SHA256
Erwan David
erwan at rail.eu.org
Thu Jan 29 10:59:28 UTC 2009
Package: fetchmail
Version: 6.3.9~rc2-4
Severity: normal
When using fetchmail with a server certificate signed using
sha256WithRSAEncryption algorithm, fetchmail fails.
fetchmail -v reports
fetchmail: Server certificate verification error: certificate signature failure
4778:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm:a_verify.c:141:
4778:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:951:
fetchmail: SSL connection failed.
SHA256 is now the recommended algorithm for signatures by french DCSSI
(the IT security body). MPD5 is broken, and SHA1 has shown problems.
Moreover, openssl itself knows the algorithm since a
openssl s_client works on the same server.
-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages fetchmail depends on:
ii adduser 3.110 add and remove users and groups
ii debianutils 2.30 Miscellaneous utilities specific t
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libcomerr2 1.41.3-1 common error description library
ii libkrb53 1.6.dfsg.4~beta1-5 MIT Kerberos runtime libraries
ii libssl0.9.8 0.9.8g-15 SSL shared libraries
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
Versions of packages fetchmail recommends:
ii ca-certificates 20080809 Common CA certificates
Versions of packages fetchmail suggests:
pn fetchmailconf <none> (no description available)
ii postfix [mail-transport-agent 2.5.5-1.1 High-performance mail transport ag
ii resolvconf 1.42 name server information handler
-- no debconf information
More information about the pkg-fetchmail-maint
mailing list