[Users] [Bug 3193] SSL Certificate changed

noreply at thewildbeast.co.uk noreply at thewildbeast.co.uk
Fri May 30 16:37:18 CEST 2014


http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3193

--- Comment #7 from Colin Leroy <colin at colino.net> ---
According to the openssl CLI, there's really a problem with their cert:

$ openssl s_client -host inbound.att.net -port 995
CONNECTED(00000003)
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c)
2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public
Primary Certification Authority - G5
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=Michigan/L=Southfield/O=AT&T Services, Inc./OU=att.net Mail
2/CN=inbound.att.net
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign,
Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification
Authority - G5
 2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign,
Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification
Authority - G5
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIQYWI0F4xFlNIRefG3cdT8MzANBgkqhkiG9w0BAQUFADCB
tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMm
VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTQwNDI0
MDAwMDAwWhcNMTUwNDI1MjM1OTU5WjCBhjELMAkGA1UEBhMCVVMxETAPBgNVBAgT
CE1pY2hpZ2FuMRMwEQYDVQQHFApTb3V0aGZpZWxkMRwwGgYDVQQKFBNBVCZUIFNl
cnZpY2VzLCBJbmMuMRcwFQYDVQQLFA5hdHQubmV0IE1haWwgMjEYMBYGA1UEAxQP
aW5ib3VuZC5hdHQubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
pNDTlR6owPRIIx1Q7NvfFkk8Y2BiXZPcWOkJHit2yzpdn6tRCNU51sYV4bHIUX6d
iwoH7D27FGMKRjR9CHVbqSO+zpLDQ6QK3i3SNTe3Xts8YWdxUAsFgs4uxmMkzW8+
o2Pci3Z/T/haoljGh1XfdspvPEKKrgg8EC2VagFwiIxmQ8+h6abOZQ9ud23fIuqI
AJkgO5dW3dQ19pM2uprBdGilK/+OqRH3DKYIXCBENYtHFR+Y1uzxMzF0aWcToPdN
YX7SmCy6lmWeYHwBBGDHJGzu2DrNvYSQXWJ9YOdR7GYGUWEJUGosPqmTAp1jYWS0
OJS4OmBUL4PGWaFeMUMH/wIDAQABo4IBaDCCAWQwGgYDVR0RBBMwEYIPaW5ib3Vu
ZC5hdHQubmV0MAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAj
BggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIw
GRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUDURcFlNEwYJ+
HSCrJfQBY9i+eaUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NkLnN5bWNiLmNv
bS9zZC5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Qu
c3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Quc3ltY2IuY29tL3NkLmNy
dDANBgkqhkiG9w0BAQUFAAOCAQEAKZwxhBOUkYCie5jvsLnt+2sFs7owMZFMwQqL
6ZPuRz6/bHDKTImNQtWBAuQjmLsaulks8miGYN2rMNpt2wepWiSOTTxnYDK34YQY
P4bHS5vGD1qNUktCql72RWrDWOQgRe3klA42Uznc3lGAUT29abOGmh0kV72hgqEv
EaKiO1xH8H3UHsIa/FETCsWYTQyYJZld/4UABQz6VMuDiYFbaJog6/7pkPh9wFRn
jNeYnyDJrnq9vjeCfIiBPyijK+Xga0fCMeWDlj40UvdLIfJ1ziQjrZaNC6tw9/vd
Db/BTef3fMIEUpWf49bH4uAf02vdhzrc/moplHQpvJSjBs6L/Q==
-----END CERTIFICATE-----
subject=/C=US/ST=Michigan/L=Southfield/O=AT&T Services, Inc./OU=att.net Mail
2/CN=inbound.att.net
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 4399 bytes and written 831 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Session-ID:
67321ACBF88FB1D4D70DE8BD0A96FF09E0642B7C8A6A65B89D66EEB6E47F7647
    Session-ID-ctx: 
    Master-Key:
8AA9033C4191D0F0E79EB9E32457CC273B78324007CA1EA396384B941D623BD29EFE778D644834133D9E77414D8D936D
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket:
    0000 - 3b ad 64 2a c1 0b 0d 4d-67 e0 5f ab c4 99 20 3e   ;.d*...Mg._... >
    0010 - 68 d0 40 6e 11 a0 f6 f5-44 f7 e2 ac 42 38 2f 97   h. at n....D...B8/.
    0020 - e9 4c 55 d7 c8 e9 19 11-47 65 f6 ed a6 93 d5 65   .LU.....Ge.....e
    0030 - 94 62 d4 68 79 2b 52 4e-4a 3e ea 0d 65 c1 9b d7   .b.hy+RNJ>..e...
    0040 - ad d0 f1 95 e4 37 0b d4-d2 28 7f 3e 6b a7 a3 6e   .....7...(.>k..n
    0050 - fb 08 c4 eb 00 a5 9f 76-69 33 39 63 00 30 58 c1   .......vi39c.0X.
    0060 - 4c 5f 3c a8 f1 84 a2 d7-11 6f a6 1d 95 d3 fe 87   L_<......o......
    0070 - ac b0 c5 38 b5 2d af 99-8a 52 70 95 b2 f9 67 07   ...8.-...Rp...g.
    0080 - 1f a6 07 dc 4e fa 83 c2-e9 cb 40 ac fd 84 f8 6f   ....N..... at ....o
    0090 - ec 06 39 7f 4d 7e 03 84-2e 2b d8 36 75 9a 1f c6   ..9.M~...+.6u...

    Start Time: 1401460590
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
+OK hello from popgate-0.8.0.504347 pop112.sbc.mail.bf1.yahoo.com 
quit
+OK

-- 
You are receiving this mail because:
You are the assignee for the bug.



More information about the Users mailing list