X2Go Bug report logs - #1530
TLS intermediate certificate seems to be "wrong"

Package: wiki.x2go.org; Maintainer for wiki.x2go.org is x2go-dev@lists.x2go.org;

Reported by: Tim Landscheidt <tim@tim-landscheidt.de>

Date: Fri, 5 Mar 2021 00:45:02 UTC

Severity: normal

Done: Mihai Moldovan <ionic@ionic.de>

Bug is archived. No further changes may be made.

Full log

🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#1530: TLS intermediate certificate seems to be "wrong"
Reply-To: Mihai Moldovan <ionic@ionic.de>, 1530@bugs.x2go.org
Resent-From: Mihai Moldovan <ionic@ionic.de>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: x2go-dev@lists.x2go.org
X-Loop: owner@bugs.x2go.org
Resent-Date: Mon, 08 Mar 2021 18:30:02 +0000
Resent-Message-ID: <handler.1530.B1530.161522818719009@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 1530
X-X2Go-PR-Package: wiki.x2go.org
X-X2Go-PR-Keywords: 
References: <87wnumfn0n.fsf@passepartout.tim-landscheidt.de> <87wnumfn0n.fsf@passepartout.tim-landscheidt.de>
Received: via spool by 1530-submit@bugs.x2go.org id=B1530.161522818719009
          (code B ref 1530); Mon, 08 Mar 2021 18:30:02 +0000
Received: (at 1530) by bugs.x2go.org; 8 Mar 2021 18:29:47 +0000
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.0 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,NICE_REPLY_A,SPF_HELO_NONE,URIBL_BLOCKED
	autolearn=ham autolearn_force=no version=3.4.2
Received: from mail.ionic.de (ionic.de [IPv6:2001:41d0:a:588b:1::2])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 443BD5DAFA
	for <1530@bugs.x2go.org>; Mon,  8 Mar 2021 19:29:20 +0100 (CET)
Received: from [10.20.16.12] (178.162.222.163.adsl.inet-telecom.org [178.162.222.163])
	by mail.ionic.de (Postfix) with ESMTPSA id 9FA474F00208;
	Mon,  8 Mar 2021 18:29:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ionic.de; s=default;
	t=1615228159; bh=NM/gY0IIaO72Z2FqGqgTgWHL6WMZYfxCvqD6zUVTnwg=;
	h=To:References:From:Subject:Date:In-Reply-To:From;
	b=UOWtlqbezOvhtkEodnVNr2X/yws6SDuuOnnJpceC3DjnI2uyx3YIj7qEp/Ry3HpYJ
	 iRAB+ztSDT5frzR8XEVmN5hIAr2g41Gee1Mh2po/Pa8bTrAbl12M2raE46PEZhDulE
	 TjDARMToaEmE5VMvubqMg+KqskVsMwPdAFpSgtxY=
To: Tim Landscheidt <tim@tim-landscheidt.de>, 1530@bugs.x2go.org
From: Mihai Moldovan <ionic@ionic.de>
Message-ID: <3e466af7-f6e1-db7c-3132-e401aaea2a29@ionic.de>
Date: Mon, 8 Mar 2021 19:29:19 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <87wnumfn0n.fsf@passepartout.tim-landscheidt.de>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="iLwKyA8ekEckv6VxD5fYzjBDa0dCEHwXS"

[Message part 1 (text/plain, inline)]
Control: close -1

* On 3/5/21 1:43 AM, Tim Landscheidt wrote:
> Staring at "openssl s_client -connect wiki.x2go.org:443",
> https://www.ssllabs.com/ssltest/analyze.html?d=wiki.x2go.org
> and https://letsencrypt.org/certificates/ suggests to a
> layman that the server certificate is signed by the R3
> certificate, but the X3 certificate is sent along?

Thanks for reporting and "debugging" this.

Yeah, we were concatenating the old X3 cross-signed cert.

Switched to R3 and regenerated the affected certificates. Should be fixed now.



Mihai



[OpenPGP_signature (application/pgp-signature, attachment)]

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Sat Apr 20 11:09:39 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.