Created attachment 342654 [details] output of 'openssl s_client -showcerts -connect mail.corp.redhat.com:993' Description of problem: mutt can't save an SSL certficate on start. Version-Release number of selected component (if applicable): mutt-1.5.19-4.fc11 How reproducible: Always Steps to Reproduce: 1. start mutt, it connects to IMAP server 2. answer (a)ccept at the mutt "SSL Certficate check" dialog 3. I get "Warning: Couldn't save certificate", normal connection proceeds Actual results: When I use mutt to connect to an IMAP server the mutt "SSL Certficate check (certificate 1 of 3 in chain)" causes the following dialog to be presented: (r)eject, accept (o)nce, (a)ccept always When I (a)ccept the certificate I get "Warning: Couldn't save certificate" Mutt goes on to properly connect to the IMAP server, download messages, etc. This now occurs _everytime_ I start mutt. Expected results: With mutt-1.5.18-4.fc10 I was not presented with any dialog. But when I downgrade my rawhide system's mutt to that version I am still presented with the "SSL Certficate check" dialog. This leads me to believe that some other dependency has been updated in rawhide and is adversely affecting mutt (e.g. gnutls). Additional info: I'm attaching the results of the following command: openssl s_client -showcerts -connect mail.corp.redhat.com:993 You'll note that the first certificate has causes this "error": verify error:num=19:self signed certificate in certificate chain ... Verify return code: 19 (self signed certificate in certificate chain)
Looks like gnutls is now returning GNUTLS_CERT_INSECURE_ALGORITHM for the certificate. Tomas, is that correct?
Yes, that's because the MD5 is used in the signature of the certificate which is really insecure due to easy collision generation for MD5. The admins of the server should replace the certificate with a SHA1 signed one.
*** Bug 500649 has been marked as a duplicate of this bug. ***
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle. Changing version to '11'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Fixed in mutt-1.5.19-5.fc11.
Verified. Thanks!