fetchmail-devel

[fetchmail-devel] SVN SSL problem?

[Rob F. <rf...@fu...>]

I just tried to update my local copy of the fetchmail repository, and got 
this error:

svn: PROPFIND request failed on '/svn/fetchmail/trunk'
svn: PROPFIND of '/svn/fetchmail/trunk': SSL negotiation failed: SSL error: 
sslv3 alert bad certificate (https://decoy.wox.org)

Did I miss a change?

-- 
==============================|   "A microscope locked in on one point
 Rob Funk <rf...@fu...> |Never sees what kind of room that it's in"
 http://www.funknet.net/rfunk |    -- Chris Mars, "Stuck in Rewind"

Re: [fetchmail-devel] SVN SSL problem?

[Brian C. <B.C...@po...>]

On Sun, Sep 12, 2004 at 12:27:10PM -0400, Rob Funk wrote:
> I just tried to update my local copy of the fetchmail repository, and got 
> this error:
> 
> svn: PROPFIND request failed on '/svn/fetchmail/trunk'
> svn: PROPFIND of '/svn/fetchmail/trunk': SSL negotiation failed: SSL error: 
> sslv3 alert bad certificate (https://decoy.wox.org)
> 
> Did I miss a change?

$ openssl s_client -connect decoy.wox.org:443
CONNECTED(00000003)
depth=1 /C=US/ST=Texas/L=Dallas/O=decoy.wox.org/CN=Certificate authority/emailAddress=ca...@de...
verify error:num=19:self signed certificate in certificate chain
verify return:0
15428:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1052:SSL alert number 40
15428:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_lib.c:226:
$ 

So this server, whatever it is, is badly broken. (openssl s_client is
normally quite happy to connect to sites with self-signed certificates)

Regards,

Brian.

[fetchmail-devel] Re: SVN SSL problem?

[Graham W. <bo...@de...>]

On Mon, Sep 13, 2004 at 10:20:18AM +0100, Brian Candler wrote:
> On Sun, Sep 12, 2004 at 12:27:10PM -0400, Rob Funk wrote:
> > Did I miss a change?
> 
> $ openssl s_client -connect decoy.wox.org:443
> CONNECTED(00000003)
> depth=1 /C=US/ST=Texas/L=Dallas/O=decoy.wox.org/CN=Certificate authority/emailAddress=ca...@de...
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> 15428:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1052:SSL alert number 40
> 15428:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_lib.c:226:
> $ 
> 
> So this server, whatever it is, is badly broken. (openssl s_client is
> normally quite happy to connect to sites with self-signed certificates)

The server works fine. It is, however, set up to always check client
certificates. I tested using s_client with a client certificate and
everything seemed to work fine.

-- 
gram

Re: [fetchmail-devel] SVN SSL problem?

[Matthias A. <ma...@dt...>]

Rob Funk <rf...@fu...> writes:

> I just tried to update my local copy of the fetchmail repository, and got 
> this error:
>
> svn: PROPFIND request failed on '/svn/fetchmail/trunk'
> svn: PROPFIND of '/svn/fetchmail/trunk': SSL negotiation failed: SSL error: 
> sslv3 alert bad certificate (https://decoy.wox.org)
>
> Did I miss a change?

Yes, I believe so. I have no problem accessing the repo. Graham had
asked for a new key and CSR to be generated and should have sent you a
new signed certificate in response (in private mail), which needs to be
installed.

The old key and certificate have expired and are invalid.

-- 
Matthias Andree

Encrypted mail welcome: my GnuPG key ID is 0x052E7D95 (PGP/MIME preferred)

Re: [fetchmail-devel] SVN SSL problem?

[Rob F. <rf...@fu...>]

Matthias Andree wrote:
> Yes, I believe so. I have no problem accessing the repo. Graham had
> asked for a new key and CSR to be generated and should have sent you a
> new signed certificate in response (in private mail), which needs to be
> installed.
>
> The old key and certificate have expired and are invalid.

Yeah, I got it taken care of.  Oops.

-- 
==============================|   "A microscope locked in on one point
 Rob Funk <rf...@fu...> |Never sees what kind of room that it's in"
 http://www.funknet.net/rfunk |    -- Chris Mars, "Stuck in Rewind"