Bug#563127: gnutls-bin: Can no longer verify connections to my company's email server

Andreas Metzler ametzler at downhill.at.eu.org
Thu Dec 31 08:22:23 UTC 2009


On 2009-12-31 Sam Morris <sam at robots.org.uk> wrote:
> Package: gnutls-bin
> Version: 2.8.5-2
> Severity: important

> Today, Evolution stopped being able to connect to my company's email
> server, claiming that the SSL certificate was bad. Thunderbird does not
> have that problem, but while debugging the issue I found that gnutls-cli
> does too.

> I've kept the actual server details out of this public bug report;
> please tell me what email address I can mail them to if you want to
> debug the issue on your end.

> $ gnutls-cli --x509cafile /etc/ssl/certs/Go_Daddy_Class_2_CA.pem --starttls -p imap imap.example.com
[...]

Hello,

color me stupid, but I cannot find any reference to the certificate in
the file /etc/ssl/certs/Go_Daddy_Class_2_CA.pem (C=US,O=The Go Daddy
Group\, Inc.,OU=Go Daddy Class 2 Certification Authority valid
2004-2034) in the debugging output. I think you need to use
/etc/ssl/certs/ValiCert_Class_2_VA.pem instead.

cu andreas





More information about the Pkg-gnutls-maint mailing list