X2Go Bug report logs - #1530
TLS intermediate certificate seems to be "wrong"

Package: wiki.x2go.org; Maintainer for wiki.x2go.org is x2go-dev@lists.x2go.org;

Reported by: Tim Landscheidt <tim@tim-landscheidt.de>

Date: Fri, 5 Mar 2021 00:45:02 UTC

Severity: normal

Done: Mihai Moldovan <ionic@ionic.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to x2go-dev@lists.x2go.org, x2go-dev@lists.x2go.org:
Bug#1530; Package wiki.x2go.org. (Fri, 05 Mar 2021 00:45:02 GMT) (full text, mbox, link).


Acknowledgement sent to Tim Landscheidt <tim@tim-landscheidt.de>:
New Bug report received and forwarded. Copy sent to x2go-dev@lists.x2go.org. (Fri, 05 Mar 2021 00:45:02 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

From: Tim Landscheidt <tim@tim-landscheidt.de>
To: submit@bugs.x2go.org
Subject: TLS intermediate certificate seems to be "wrong"
Date: Fri, 05 Mar 2021 00:43:36 +0000
Package: wiki.x2go.org

While checking URLs with LWP/curl, I noticed that
wiki.x2go.org fails:

| [tim@passepartout ~]$ curl https://wiki.x2go.org/
| curl: (60) SSL certificate problem: unable to get local issuer certificate
| More details here: https://curl.haxx.se/docs/sslcerts.html

| curl failed to verify the legitimacy of the server and therefore could not
| establish a secure connection to it. To learn more about this situation and
| how to fix it, please visit the web page mentioned above.
| [tim@passepartout ~]$

Staring at "openssl s_client -connect wiki.x2go.org:443",
https://www.ssllabs.com/ssltest/analyze.html?d=wiki.x2go.org
and https://letsencrypt.org/certificates/ suggests to a
layman that the server certificate is signed by the R3
certificate, but the X3 certificate is sent along?


Information forwarded to x2go-dev@lists.x2go.org, x2go-dev@lists.x2go.org:
Bug#1530; Package wiki.x2go.org. (Mon, 08 Mar 2021 18:30:02 GMT) (full text, mbox, link).


Acknowledgement sent to Mihai Moldovan <ionic@ionic.de>:
Extra info received and forwarded to list. Copy sent to x2go-dev@lists.x2go.org. (Mon, 08 Mar 2021 18:30:02 GMT) (full text, mbox, link).


Message #10 received at 1530@bugs.x2go.org (full text, mbox, reply):

From: Mihai Moldovan <ionic@ionic.de>
To: Tim Landscheidt <tim@tim-landscheidt.de>, 1530@bugs.x2go.org
Subject: Re: Bug#1530: TLS intermediate certificate seems to be "wrong"
Date: Mon, 8 Mar 2021 19:29:19 +0100
[Message part 1 (text/plain, inline)]
Control: close -1

* On 3/5/21 1:43 AM, Tim Landscheidt wrote:
> Staring at "openssl s_client -connect wiki.x2go.org:443",
> https://www.ssllabs.com/ssltest/analyze.html?d=wiki.x2go.org
> and https://letsencrypt.org/certificates/ suggests to a
> layman that the server certificate is signed by the R3
> certificate, but the X3 certificate is sent along?

Thanks for reporting and "debugging" this.

Yeah, we were concatenating the old X3 cross-signed cert.

Switched to R3 and regenerated the affected certificates. Should be fixed now.



Mihai


[OpenPGP_signature (application/pgp-signature, attachment)]

Marked Bug as done Request was from Mihai Moldovan <ionic@ionic.de> to 1530-submit@bugs.x2go.org. (Mon, 08 Mar 2021 18:30:03 GMT) (full text, mbox, link).


Notification sent to Tim Landscheidt <tim@tim-landscheidt.de>:
Bug acknowledged by developer. (Mon, 08 Mar 2021 18:30:03 GMT) (full text, mbox, link).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.x2go.org> to internal_control@bugs.x2go.org. (Tue, 06 Apr 2021 05:24:02 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Sat Jul 13 15:35:43 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.