Bug 499390 - "Warning: Couldn't save certificate" when connecting to IMAP server
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: mutt
Version: 11
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Miroslav Lichvar
QA Contact: Fedora Extras Quality Assurance
Duplicates: 500649
Reported: 2009-05-06 13:57 UTC by Mike Snitzer
Modified: 2009-07-10 11:25 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1044743 (view as bug list)
Environment:
Last Closed: 2009-07-10 11:25:04 UTC
Type: ---
Embargoed:


Attachments
output of 'openssl s_client -showcerts -connect mail.corp.redhat.com:993' (6.16 KB, text/plain)
2009-05-06 13:57 UTC, Mike Snitzer

Description Mike Snitzer 2009-05-06 13:57:01 UTC
Created attachment 342654
output of 'openssl s_client -showcerts -connect mail.corp.redhat.com:993'

Description of problem:
mutt can't save an SSL certificate on start.

Version-Release number of selected component (if applicable):
mutt-1.5.19-4.fc11

How reproducible:
Always

Steps to Reproduce:
1. start mutt, it connects to IMAP server
2. answer (a)ccept at the mutt "SSL Certificate check" dialog
3. I get "Warning: Couldn't save certificate", normal connection proceeds
  
Actual results:
When I use mutt to connect to an IMAP server the mutt "SSL Certificate check (certificate 1 of 3 in chain)" causes the following dialog to be presented:
(r)eject, accept (o)nce, (a)ccept always

When I (a)ccept the certificate I get "Warning: Couldn't save certificate"
Mutt goes on to properly connect to the IMAP server, download messages, etc.
This now occurs _every time_ I start mutt.


Expected results:
With mutt-1.5.18-4.fc10 I was not presented with any dialog.  But when I downgrade my rawhide system's mutt to that version I am still presented with the "SSL Certificate check" dialog.  This leads me to believe that some other dependency has been updated in rawhide and is adversely affecting mutt (e.g. gnutls).

Additional info:
I'm attaching the results of the following command:
 openssl s_client -showcerts -connect mail.corp.redhat.com:993

You'll note that the first certificate causes this "error":
verify error:num=19:self signed certificate in certificate chain
...
Verify return code: 19 (self signed certificate in certificate chain)

Comment 1 Miroslav Lichvar 2009-05-06 16:13:49 UTC
Looks like gnutls is now returning GNUTLS_CERT_INSECURE_ALGORITHM for the certificate.

Tomas, is that correct?

Comment 2 Tomas Mraz 2009-05-06 20:21:03 UTC
Yes, that's because the MD5 is used in the signature of the certificate which is really insecure due to easy collision generation for MD5. The admins of the server should replace the certificate with a SHA1 signed one.

Comment 3 Miroslav Lichvar 2009-05-13 14:54:09 UTC
*** Bug 500649 has been marked as a duplicate of this bug. ***

Comment 7 Bug Zapper 2009-06-09 15:15:11 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 8 Miroslav Lichvar 2009-06-09 15:29:36 UTC
Fixed in mutt-1.5.19-5.fc11.

Comment 9 Andrew Overholt 2009-06-09 15:45:45 UTC
Verified.  Thanks!
