From unknown Thu Apr 30 18:48:54 2026 MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) X-Loop: owner@bugs.x2go.org From: owner@bugs.x2go.org (X2Go Bug Tracking System) Subject: Bug#1530 closed by Mihai Moldovan (Re: Bug#1530: TLS intermediate certificate seems to be "wrong") Message-ID: References: <3e466af7-f6e1-db7c-3132-e401aaea2a29@ionic.de> X-X2go-PR-Message: they-closed 1530 X-X2go-PR-Package: wiki.x2go.org Date: Mon, 08 Mar 2021 18:30:03 +0000 Content-Type: multipart/mixed; boundary="----------=_1615228203-19107-0" This is a multi-part message in MIME format... ------------=_1615228203-19107-0 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 This is an automatic notification regarding your Bug report which was filed against the wiki.x2go.org package: #1530: TLS intermediate certificate seems to be "wrong" It has been closed by Mihai Moldovan . Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact Mihai Moldovan by replying to this email. --=20 1530: bugs.x2go.org/cgi-bin/bugreport.cgi?bug=3D1530 X2Go Bug Tracking System Contact owner@bugs.x2go.org with problems ------------=_1615228203-19107-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 1530) by bugs.x2go.org; 8 Mar 2021 18:29:47 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,NICE_REPLY_A,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mail.ionic.de (ionic.de [IPv6:2001:41d0:a:588b:1::2]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 443BD5DAFA for <1530@bugs.x2go.org>; Mon, 8 Mar 2021 19:29:20 +0100 (CET) Received: from [10.20.16.12] (178.162.222.163.adsl.inet-telecom.org [178.162.222.163]) by mail.ionic.de (Postfix) with ESMTPSA id 9FA474F00208; Mon, 8 Mar 2021 18:29:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ionic.de; s=default; t=1615228159; bh=NM/gY0IIaO72Z2FqGqgTgWHL6WMZYfxCvqD6zUVTnwg=; h=To:References:From:Subject:Date:In-Reply-To:From; b=UOWtlqbezOvhtkEodnVNr2X/yws6SDuuOnnJpceC3DjnI2uyx3YIj7qEp/Ry3HpYJ iRAB+ztSDT5frzR8XEVmN5hIAr2g41Gee1Mh2po/Pa8bTrAbl12M2raE46PEZhDulE TjDARMToaEmE5VMvubqMg+KqskVsMwPdAFpSgtxY= To: Tim Landscheidt , 1530@bugs.x2go.org References: <87wnumfn0n.fsf@passepartout.tim-landscheidt.de> From: Mihai Moldovan Subject: Re: Bug#1530: TLS intermediate certificate seems to be "wrong" Message-ID: <3e466af7-f6e1-db7c-3132-e401aaea2a29@ionic.de> Date: Mon, 8 Mar 2021 19:29:19 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0 MIME-Version: 1.0 In-Reply-To: <87wnumfn0n.fsf@passepartout.tim-landscheidt.de> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="iLwKyA8ekEckv6VxD5fYzjBDa0dCEHwXS" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --iLwKyA8ekEckv6VxD5fYzjBDa0dCEHwXS Content-Type: multipart/mixed; boundary="epuJbTWnVdekEHyfaxQ0lUKgMq8h9FAF1"; protected-headers="v1" From: Mihai Moldovan To: Tim Landscheidt , 1530@bugs.x2go.org Message-ID: <3e466af7-f6e1-db7c-3132-e401aaea2a29@ionic.de> Subject: Re: Bug#1530: TLS intermediate certificate seems to be "wrong" References: <87wnumfn0n.fsf@passepartout.tim-landscheidt.de> In-Reply-To: <87wnumfn0n.fsf@passepartout.tim-landscheidt.de> --epuJbTWnVdekEHyfaxQ0lUKgMq8h9FAF1 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Control: close -1 * On 3/5/21 1:43 AM, Tim Landscheidt wrote: > Staring at "openssl s_client -connect wiki.x2go.org:443", > https://www.ssllabs.com/ssltest/analyze.html?d=3Dwiki.x2go.org > and https://letsencrypt.org/certificates/ suggests to a > layman that the server certificate is signed by the R3 > certificate, but the X3 certificate is sent along? Thanks for reporting and "debugging" this. Yeah, we were concatenating the old X3 cross-signed cert. Switched to R3 and regenerated the affected certificates. Should be fixed= now. Mihai --epuJbTWnVdekEHyfaxQ0lUKgMq8h9FAF1-- --iLwKyA8ekEckv6VxD5fYzjBDa0dCEHwXS Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsF5BAABCAAjFiEEbhHQj3UzgcdE8cg8H9Yu2W4lOocFAmBGbP8FAwAAAAAACgkQH9Yu2W4lOoci mBAAyO7GUMlItaXnpp0iLCyO2/RQNphiv10eNgc84rd4npvxMAmZQ+GkPd7d/AElobuJIYHcmATm yK2GHAPLk5j+Vm2U42NYEk86S5eNNCeWuZXpRWKUaJe7Vxbw6dPxPrW1Ad8qnTN1AP4kH+EMxJbl F1zrfHmxbkpMjMVXHmxeNxeceKXQY/6wTSKOMlmbg3XPtOkeLxtf+X9Ep8X/aTV6MvHAWm1h2FXS NKwSzGtwTRAiqbooDfuywUVAa5KaspLNBxTUyniqidNlrVmuSJQ05/lFv+xnDhmOSol2pOJyPN+I pHLRXzBY02Nz49euMvbG+YvQBONstsPwbsXWukD9bdw8izwA64BfH+H3ZG/4cUM/BDQFDOJgCn6y Wu+NoUJE/hO/UE90+s+Ji8seUlGy8WrQ7Clxd4XlzBoLzE7vKSQonej6Rqy/z5ntNWyjh0xxFi4y kAQE7ZSLuLLnOWJ5iPILZfLCz5bVC9R7YPx32JuWI271YEtOoIdpieLzKHCbYTCelZ3cmpHiHy+P BTXcNWawNuKj9TZ1d3lE0QP51Tfew86ByLna8JF1Uh36wRE3gP8SrZAlfzel+BmJBEBeryKWp4Pb QgeqMfp/746+7v2hkmEbsyg+6nrFHSODDbtwKTsRy1rGysGfStWRqbiKebnrHAyIxfEpLCEItZhq aJU= =SuGD -----END PGP SIGNATURE----- --iLwKyA8ekEckv6VxD5fYzjBDa0dCEHwXS-- ------------=_1615228203-19107-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.x2go.org; 5 Mar 2021 00:43:44 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=3.0 tests=BAYES_50,SPF_HELO_NONE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from andalucia.tim-landscheidt.de (andalucia.tim-landscheidt.de [IPv6:2a01:4f8:1c1c:d4d0::1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 9E8925DA8B for ; Fri, 5 Mar 2021 01:43:37 +0100 (CET) Received: from dslb-084-060-155-122.084.060.pools.vodafone-ip.de ([84.60.155.122]:54564 helo=passepartout.tim-landscheidt.de) by andalucia.tim-landscheidt.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1lHyZ7-0001vc-24 for submit@bugs.x2go.org; Fri, 05 Mar 2021 01:43:37 +0100 From: Tim Landscheidt To: submit@bugs.x2go.org Subject: TLS intermediate certificate seems to be "wrong" Organization: http://www.tim-landscheidt.de/ Date: Fri, 05 Mar 2021 00:43:36 +0000 Message-ID: <87wnumfn0n.fsf@passepartout.tim-landscheidt.de> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Package: wiki.x2go.org While checking URLs with LWP/curl, I noticed that wiki.x2go.org fails: | [tim@passepartout ~]$ curl https://wiki.x2go.org/ | curl: (60) SSL certificate problem: unable to get local issuer certificate | More details here: https://curl.haxx.se/docs/sslcerts.html | curl failed to verify the legitimacy of the server and therefore could not | establish a secure connection to it. To learn more about this situation and | how to fix it, please visit the web page mentioned above. | [tim@passepartout ~]$ Staring at "openssl s_client -connect wiki.x2go.org:443", https://www.ssllabs.com/ssltest/analyze.html?d=wiki.x2go.org and https://letsencrypt.org/certificates/ suggests to a layman that the server certificate is signed by the R3 certificate, but the X3 certificate is sent along? ------------=_1615228203-19107-0--