[Bug 1881449] [NEW] mutt fails on non-linear certificate chains
Wifi Freak
1881449 at bugs.launchpad.net
Sun May 31 00:54:18 UTC 2020
Public bug reported:
mutt 1.13.2 fails on non-linear certificate chains when the CA that
issued the server shipped intermediate CA has expired but an
intermediate (non expired one) is present within the certificate store.
Expected behaviour:
- mutt accepts this connection without a certificate warning and asks for username and password
Behaviour is fixed in mutt 1.14.2.
Way to reproduce:
mutt -f imaps://mail.manitu.de
the following message appears within mutt:
###
This certificate belongs to:
COMODO RSA Certification Authority
COMODO CA Limited
Salford Greater Manchester GB
This certificate was issued by:
AddTrust External CA Root
AddTrust AB
AddTrust External TTP Network
SE
This certificate is valid
from Tue, 30 May 2000 10:48:38 UTC
to Sat, 30 May 2020 10:48:38 UTC
SHA1 Fingerprint: F5AD 0BCC 1AD5 6CD1 5072 5B1C 866C 30AD 92EF 21B0
SHA256 Fingerprint: 4F32 D5DC 00F7 1525 0ABC C486 511E 37F5
01A8 99DE B3BF 7EA8 ADBB D3AE F1C4 12DA
WARNING: Server certificate has expired
###
as the server is shipping an intermediate CA issued by an expired CA (AddTrust External CA Root).
OpenSSL validates this connection just fine as "COMODO RSA Certification
Authority" is included within the system's certificate store.
openssl s_client -connect mail.manitu.de:993
###
003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, CN = *.manitu.de
verify return:1
---
Certificate chain
0 s:OU = Domain Control Validated, CN = *.manitu.de
i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
-----BEGIN CERTIFICATE-----
MIIHqzCCBpOgAwIBAgIQQaVrtZY6LQITn0Zb2mXHVTANBgkqhkiG9w0BAQsFADCB
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
QTAeFw0xODA1MjkwMDAwMDBaFw0yMDA4MjYyMzU5NTlaMDkxITAfBgNVBAsTGERv
bWFpbiBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UEAwwLKi5tYW5pdHUuZGUwggIi
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQClwKfXTkWH1u2WA9SicE9gg5vY
WK9xJFh8dIjFZE3ksfPFVvHwpQMxEj/DoJD8SWBWdKM7BWdlzlSGLi6iFw+n6mzV
92wz37I54ngYd8VPcn/GkNd+fKnL+mHKDRDq45IERzo93BhBzVpIC29GC2eBZhd/
xefEbb/LQWjeK3ZDt6xBBWvMFV9N4pPcXncdWS3yl+t/MiM5GeU4dT+gdeSMXAOV
h0d+bRpxFeOkSaP/lsj8/khhsy6EfLjnGZDoJenwVFatvSvgv6sBuzcYwHQCxAVj
Omp9+dSD+YO8u1Ffi6lHUA/sDJw8/vniqtqZYfpKKas8kQ6yJqXYQWmDOD2emkrE
vg7Yp91eg1MDqNq39JbxLRyypWC5zDI8/cvmRBwB4TK7NZalD526dPmWzcPOAbeK
1LFZpYxxl0CynnIvakMtmfpatlher0CPutlQv4E4iI8y79D8ckkZKPJ3Sl1Pe7Rc
iX8aNGCY8hQzK/O4/P1zQB5Z7F2pym1/gSDYG68wdVrDeMQqOYPOEjy+D07ShK30
kk4X6tf2vME2PYZGQqUZQrFE0KuTtMSHXqZNKrTYyvRiUEQ8y2T0Wnej1LY3eKRM
8ABl8SGdJvnKrRo21u1e7sOhsFZXgTvSGZXOQbgD6b2IB/A0/60dkiDIj41yqW08
+sNLDAUpWvt/FsWywwIDAQABo4IDVTCCA1EwHwYDVR0jBBgwFoAUkK9qOpRaC9iQ
6hJWc99DtDoo2ucwHQYDVR0OBBYEFILJqXWhWFSldlHetk95ADaak1SCMA4GA1Ud
DwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjBPBgNVHSAESDBGMDoGCysGAQQBsjEBAgIHMCswKQYIKwYBBQUHAgEW
HWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMAgGBmeBDAECATBUBgNVHR8E
TTBLMEmgR6BFhkNodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FEb21h
aW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGFBggrBgEFBQcBAQR5MHcw
TwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQURv
bWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0
dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAhBgNVHREEGjAYggsqLm1hbml0dS5kZYIJ
bWFuaXR1LmRlMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgDuS723dc5guuFC
aR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWOrI3SpAAAEAwBHMEUCIHBywDOdN6pj
eEdmvW8Hu8kWg0EztHl5zI7t+hm5UHL8AiEAiGL1+aUB78za23d7bxqpAHpbpD/P
3odsBi3yDr4jEMcAdwBep3P531bA57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAA
AWOrI3TtAAAEAwBIMEYCIQD+vMLkX92U2SpiJ6K/eMH9qUlIQAtZwDIYtv3++NCj
3QIhAMwGvgjQ6eLQ3QDgKBni2nq4DySNxTrad4RH52+SyBYWAHUAVYHUwhaQNgFK
6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFjqyN0zAAABAMARjBEAiAYSvgHMFWq
LsC1bnETQEdJik1W+ie+F0suJBZDqAbvVgIgIzf09fSyHGW1TXKMfDHkpRI5KeCw
Os37kJkFVZi8v3UwDQYJKoZIhvcNAQELBQADggEBAEUDlWrGH9yjr72M0pkbh1mK
kdYXR1ZE1BsAYg7tnpQ7Ndkrgo7QX7ENs20LaXI9duxWOEbgguUzRqehIUf8YrJ2
F9xrszLnVviA6jZikhLeRnZQGYIlTfyAMPWFjmTtAZTfkBVquo7vocnyHADPBDko
SutvmmSnIAHipUtA39Lrdgt6soIZ8RPyZ50WON/jKqHUfzRboYBICMNSN7xa9DhS
iQ4MBTMO3QRVQeDYLSn9gpPG074TdASKDogQlQ/tEydMKL4j/7FV3kKsEiZuSwSF
VGfEvi1voQF4iAlkmcUQTOgnxrghaTFH4Ypfz4mjvuRsTwM/8OmBY6P33Sk8HT0=
-----END CERTIFICATE-----
1 s:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
-----BEGIN CERTIFICATE-----
MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCB
hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQwMjEy
MDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
Q09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZh
bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAI7CAhnhoFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28Sh
bXcDow+G+eMGnD4LgYqbSRutA776S9uMIO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0
Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4TgllfQcBhglo/uLQeTnaG6
ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh7lgUq/51
UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0n
c13cRTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQY
MBaAFLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz
30O0Oija5zAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgG
BmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNv
bS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB
AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9E
T1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21v
ZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2p
mj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/
e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsItG8kO3KdY3RYPBps
P0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdoltMY
dVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc
2bXhc3js9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxG
V/Iz2tDIY+3GH5QFlkoakdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4
HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBmGqW5prU5wfWYQ//u+aen/e7KJD2AFsQX
j4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODcQgPmlKidrv0PJFGUzpII
0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje3WYkN5Ap
lBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf
+AZxAeKCINT+b72x
-----END CERTIFICATE-----
2 s:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci/ITeIjANBgkqhkiG9w0BAQwFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYD
VQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkq
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNw
AHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+XPmT5jR6
2RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr
ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt
4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIq
m1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/
vOldxJuvRZnio1oktLqpVj3Pb6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT
8dm74YlguIwoVqwUHZwK53Hrzw7dPamWoUi9PPevtQ0iTMARgexWO/bTouJbt7IE
IlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31BqVUa/oKMoYX9w0MOiqiwhqkfO
KJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKIf6MzOi5cHkERgWPO
GHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09XiidnMy/
s1Hap0flhFMCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g
JMtUGjAdBgNVHQ4EFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQD
AgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9
MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVy
bmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6
Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS/g/FfmoXQ
zbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfj
Jw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLY
Uspzgb8c8+a4bmYRBbMelC1/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5
B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI/V5eu+MtWuLt29G9Hvx
PUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vR
pu/xO28QOG8=
-----END CERTIFICATE-----
---
Server certificate
subject=OU = Domain Control Validated, CN = *.manitu.de
issuer=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA
Limited, CN = COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5741 bytes and written 386 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 5647EA0E9B48DD3AC0474941A2A3453A5BA3E3CD11650ACA5C72024C0991E840
Session-ID-ctx:
Resumption PSK: 5FB013801EE9FAFF81940DCD9B60DA6D1BB897385E6457F411B99AB573AB45C680B4675FBBA14121D3F9E3F3B9D49EB8
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - f0 92 f5 ea 57 92 98 bf-a7 d5 08 4d 40 2d 76 81 ....W......M at -v.
0010 - 4e bf 76 93 a0 cd 6e fd-19 d2 d0 8e ac ee 56 37 N.v...n.......V7
0020 - b9 3c 71 4f 50 7f f5 ea-a9 49 64 23 a2 1b 93 f1 .<qOP....Id#....
0030 - d2 ad 96 7d 12 1b 34 11-8c 25 f9 7f e1 a4 c9 a9 ...}..4..%......
0040 - 35 1c d3 60 8a 5f bb e1-01 f6 ca 8f 22 2b ad c2 5..`._......"+..
0050 - 20 a0 7f 8d 6a 60 5c 7d-89 10 23 02 be 50 bd d9 ...j`\}..#..P..
0060 - 44 6f b0 bd 39 a9 3e 3d-c1 a8 43 ba cf de 8e 5c Do..9.>=..C....\
0070 - 89 4f 6c b4 96 99 2a 79-4e fc 44 26 4a b6 20 f2 .Ol...*yN.D&J. .
0080 - 41 9c 4f f8 31 41 d2 83-63 9d 3e ad a3 af b1 af A.O.1A..c.>.....
0090 - 2e 78 01 a5 4e 38 c1 13-f9 e7 9e a9 26 30 15 ff .x..N8......&0..
00a0 - de 8e 90 6c cc c3 94 67-d8 d1 37 c6 06 43 c1 73 ...l...g..7..C.s
00b0 - 55 1e 44 bf 60 96 71 92-18 65 ec 0a 7f 48 5e bd U.D.`.q..e...H^.
00c0 - d6 e9 cf cf e2 f6 2c 13-e4 4a 20 94 6a e7 42 53 ......,..J .j.BS
00d0 - d6 16 27 a3 e2 b1 e5 c6-9d d5 a9 76 30 31 a9 2b ..'........v01.+
Start Time: 1590886172
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 1FF1B49AA77C472C39257D193150E58879093A685817315595E2847E5C4BE736
Session-ID-ctx:
Resumption PSK: 3119C350C531C16EB39BBAAFF6FDB51F0EABC2F26BC9873638EE5E6AFD0D13F2717FD75A17BBBA461D82345E5B5AE40C
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - f0 92 f5 ea 57 92 98 bf-a7 d5 08 4d 40 2d 76 81 ....W......M at -v.
0010 - 11 fc b0 60 ee 14 8f 20-9e ca 27 ca 50 47 72 cd ...`... ..'.PGr.
0020 - 72 99 71 fe f4 14 41 5b-1a 89 16 9a a1 be 06 15 r.q...A[........
0030 - 59 80 3a 91 a0 3f d4 f8-85 5e 09 1c 7b 7d 1d ad Y.:..?...^..{}..
0040 - 70 4d 5c 9b a7 9f 9b e8-e8 a7 39 d5 74 53 47 cd pM\.......9.tSG.
0050 - 6c aa 96 40 0a 63 ce cd-a8 cb 4d fb 45 77 c6 b1 l.. at .c....M.Ew..
0060 - f4 ff ed fb b9 5d 3f 75-36 62 70 50 f0 d0 42 e5 .....]?u6bpP..B.
0070 - ad c6 30 d4 80 e8 c3 6d-5c bd c8 fd 80 2f 0d fd ..0....m\..../..
0080 - da 1c 2a 43 ff 52 db 86-e2 63 fb a5 23 e4 e4 46 ..*C.R...c..#..F
0090 - 6d 1c f4 c9 20 ce a4 bf-1d dd b9 3d 70 88 a3 53 m... ......=p..S
00a0 - bc cb 0c 84 de 51 34 38-56 26 f5 e8 16 e4 77 fa .....Q48V&....w.
00b0 - 93 af 53 6f 22 44 98 c0-a5 46 f0 38 02 89 e4 e5 ..So"D...F.8....
00c0 - 05 f9 78 3f 43 da b6 71-0d a3 20 25 fe f0 c2 fc ..x?C..q.. %....
00d0 - c8 1f 73 05 4d 39 ab 24-e2 87 47 f5 52 e6 a5 e9 ..s.M9.$..G.R...
Start Time: 1590886172
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
###
lsb_release -rd
###
Description: Ubuntu 20.04 LTS
Release: 20.04
###
apt-cache policy mutt
###
mutt:
Installed: 1.13.2-1
Candidate: 1.13.2-1
Version table:
*** 1.13.2-1 500
500 http://us.archive.ubuntu.com/ubuntu focal/main amd64 Packages
100 /var/lib/dpkg/status
###
mutt -v
###
mutt -v
Mutt 1.13.2 (2019-12-18)
Copyright (C) 1996-2016 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.
System: Linux 5.4.0-31-generic (x86_64)
ncurses: ncurses 6.2.20200212 (compiled with 6.1)
libidn: 1.33 (compiled with 1.33)
hcache backend: tokyocabinet 1.4.48
Compiler:
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/9/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none:hsa
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 9.2.1-22ubuntu1' --with-bugurl=file:///usr/share/doc/gcc-9/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++,gm2 --prefix=/usr --with-gcc-major-version-only --program-suffix=-9 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-bootstrap --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib --with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none,hsa --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu --with-build-config=bootstrap-lto-lean --enable-link-mutex
Thread model: posix
gcc version 9.2.1 20191130 (Ubuntu 9.2.1-22ubuntu1)
Configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--
includedir=\${prefix}/include' '--mandir=\${prefix}/share/man' '--
infodir=\${prefix}/share/info' '--sysconfdir=/etc' '--
localstatedir=/var' '--disable-silent-rules' '--
libdir=\${prefix}/lib/x86_64-linux-gnu' '--
libexecdir=\${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode'
'--disable-dependency-tracking' '--with-mailpath=/var/mail' '--enable-
compressed' '--enable-debug' '--enable-fcntl' '--enable-hcache'
'--enable-gpgme' '--enable-imap' '--enable-smtp' '--enable-pop'
'--enable-sidebar' '--enable-nntp' '--enable-dotlock' '--disable-
fmemopen' '--with-curses' '--with-gnutls' '--with-gss' '--with-idn'
'--with-mixmaster' '--with-sasl' '--without-gdbm' '--without-bdb'
'--without-qdbm' '--with-tokyocabinet' 'build_alias=x86_64-linux-gnu'
'CFLAGS=-g -O2 -fdebug-prefix-map=/build/mutt-_5ZJBW/mutt-1.13.2=.
-fstack-protector-strong -Wformat -Werror=format-security' 'LDFLAGS=-Wl
,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time
-D_FORTIFY_SOURCE=2'
Compilation CFLAGS: -Wall -pedantic -Wno-long-long -g -O2 -fdebug-
prefix-map=/build/mutt-_5ZJBW/mutt-1.13.2=. -fstack-protector-strong
-Wformat -Werror=format-security
Compile options:
-DOMAIN
+DEBUG
-HOMESPOOL +USE_SETGID +USE_DOTLOCK +DL_STANDALONE +USE_FCNTL -USE_FLOCK
+USE_POP +USE_IMAP +USE_SMTP
-USE_SSL_OPENSSL +USE_SSL_GNUTLS +USE_SASL +USE_GSS +HAVE_GETADDRINFO
+HAVE_REGCOMP -USE_GNU_REGEX
+HAVE_COLOR +HAVE_START_COLOR +HAVE_TYPEAHEAD +HAVE_BKGDSET
+HAVE_CURS_SET +HAVE_META +HAVE_RESIZETERM +HAVE_FUTIMENS
+CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME +CRYPT_BACKEND_GPGME
-EXACT_ADDRESS -SUN_ATTACHMENT
+ENABLE_NLS -LOCALES_HACK +HAVE_WC_FUNCS +HAVE_LANGINFO_CODESET +HAVE_LANGINFO_YESEXPR
+HAVE_ICONV -ICONV_NONTRANS +HAVE_LIBIDN -HAVE_LIBIDN2 +HAVE_GETSID +USE_HCACHE
+USE_SIDEBAR +USE_COMPRESSED +USE_INOTIFY
-ISPELL
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/share/mutt"
SYSCONFDIR="/etc"
EXECSHELL="/bin/sh"
MIXMASTER="mixmaster"
To contact the developers, please mail to <mutt-dev at mutt.org>.
To report a bug, please contact the Mutt maintainers via gitlab:
https://gitlab.com/muttmua/mutt/issues
###
** Affects: mutt (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mutt in Ubuntu.
https://bugs.launchpad.net/bugs/1881449
Title:
mutt fails on non-linear certificate chains
Status in mutt package in Ubuntu:
New
Bug description:
mutt 1.13.2 fails on non-linear certificate chains when the CA that
issued the server shipped intermediate CA has expired but an
intermediate (non expired one) is present within the certificate
store.
Expected behaviour:
- mutt accepts this connection without a certificate warning and asks for username and password
Behaviour is fixed in mutt 1.14.2.
Way to reproduce:
mutt -f imaps://mail.manitu.de
the following message appears within mutt:
###
This certificate belongs to:
COMODO RSA Certification Authority
COMODO CA Limited
Salford Greater Manchester GB
This certificate was issued by:
AddTrust External CA Root
AddTrust AB
AddTrust External TTP Network
SE
This certificate is valid
from Tue, 30 May 2000 10:48:38 UTC
to Sat, 30 May 2020 10:48:38 UTC
SHA1 Fingerprint: F5AD 0BCC 1AD5 6CD1 5072 5B1C 866C 30AD 92EF 21B0
SHA256 Fingerprint: 4F32 D5DC 00F7 1525 0ABC C486 511E 37F5
01A8 99DE B3BF 7EA8 ADBB D3AE F1C4 12DA
WARNING: Server certificate has expired
###
as the server is shipping an intermediate CA issued by an expired CA (AddTrust External CA Root).
OpenSSL validates this connection just fine as "COMODO RSA
Certification Authority" is included within the system's certificate
store.
openssl s_client -connect mail.manitu.de:993
###
003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, CN = *.manitu.de
verify return:1
---
Certificate chain
0 s:OU = Domain Control Validated, CN = *.manitu.de
i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
-----BEGIN CERTIFICATE-----
MIIHqzCCBpOgAwIBAgIQQaVrtZY6LQITn0Zb2mXHVTANBgkqhkiG9w0BAQsFADCB
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
QTAeFw0xODA1MjkwMDAwMDBaFw0yMDA4MjYyMzU5NTlaMDkxITAfBgNVBAsTGERv
bWFpbiBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UEAwwLKi5tYW5pdHUuZGUwggIi
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQClwKfXTkWH1u2WA9SicE9gg5vY
WK9xJFh8dIjFZE3ksfPFVvHwpQMxEj/DoJD8SWBWdKM7BWdlzlSGLi6iFw+n6mzV
92wz37I54ngYd8VPcn/GkNd+fKnL+mHKDRDq45IERzo93BhBzVpIC29GC2eBZhd/
xefEbb/LQWjeK3ZDt6xBBWvMFV9N4pPcXncdWS3yl+t/MiM5GeU4dT+gdeSMXAOV
h0d+bRpxFeOkSaP/lsj8/khhsy6EfLjnGZDoJenwVFatvSvgv6sBuzcYwHQCxAVj
Omp9+dSD+YO8u1Ffi6lHUA/sDJw8/vniqtqZYfpKKas8kQ6yJqXYQWmDOD2emkrE
vg7Yp91eg1MDqNq39JbxLRyypWC5zDI8/cvmRBwB4TK7NZalD526dPmWzcPOAbeK
1LFZpYxxl0CynnIvakMtmfpatlher0CPutlQv4E4iI8y79D8ckkZKPJ3Sl1Pe7Rc
iX8aNGCY8hQzK/O4/P1zQB5Z7F2pym1/gSDYG68wdVrDeMQqOYPOEjy+D07ShK30
kk4X6tf2vME2PYZGQqUZQrFE0KuTtMSHXqZNKrTYyvRiUEQ8y2T0Wnej1LY3eKRM
8ABl8SGdJvnKrRo21u1e7sOhsFZXgTvSGZXOQbgD6b2IB/A0/60dkiDIj41yqW08
+sNLDAUpWvt/FsWywwIDAQABo4IDVTCCA1EwHwYDVR0jBBgwFoAUkK9qOpRaC9iQ
6hJWc99DtDoo2ucwHQYDVR0OBBYEFILJqXWhWFSldlHetk95ADaak1SCMA4GA1Ud
DwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjBPBgNVHSAESDBGMDoGCysGAQQBsjEBAgIHMCswKQYIKwYBBQUHAgEW
HWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMAgGBmeBDAECATBUBgNVHR8E
TTBLMEmgR6BFhkNodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FEb21h
aW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGFBggrBgEFBQcBAQR5MHcw
TwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQURv
bWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0
dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAhBgNVHREEGjAYggsqLm1hbml0dS5kZYIJ
bWFuaXR1LmRlMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgDuS723dc5guuFC
aR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWOrI3SpAAAEAwBHMEUCIHBywDOdN6pj
eEdmvW8Hu8kWg0EztHl5zI7t+hm5UHL8AiEAiGL1+aUB78za23d7bxqpAHpbpD/P
3odsBi3yDr4jEMcAdwBep3P531bA57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAA
AWOrI3TtAAAEAwBIMEYCIQD+vMLkX92U2SpiJ6K/eMH9qUlIQAtZwDIYtv3++NCj
3QIhAMwGvgjQ6eLQ3QDgKBni2nq4DySNxTrad4RH52+SyBYWAHUAVYHUwhaQNgFK
6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFjqyN0zAAABAMARjBEAiAYSvgHMFWq
LsC1bnETQEdJik1W+ie+F0suJBZDqAbvVgIgIzf09fSyHGW1TXKMfDHkpRI5KeCw
Os37kJkFVZi8v3UwDQYJKoZIhvcNAQELBQADggEBAEUDlWrGH9yjr72M0pkbh1mK
kdYXR1ZE1BsAYg7tnpQ7Ndkrgo7QX7ENs20LaXI9duxWOEbgguUzRqehIUf8YrJ2
F9xrszLnVviA6jZikhLeRnZQGYIlTfyAMPWFjmTtAZTfkBVquo7vocnyHADPBDko
SutvmmSnIAHipUtA39Lrdgt6soIZ8RPyZ50WON/jKqHUfzRboYBICMNSN7xa9DhS
iQ4MBTMO3QRVQeDYLSn9gpPG074TdASKDogQlQ/tEydMKL4j/7FV3kKsEiZuSwSF
VGfEvi1voQF4iAlkmcUQTOgnxrghaTFH4Ypfz4mjvuRsTwM/8OmBY6P33Sk8HT0=
-----END CERTIFICATE-----
1 s:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
-----BEGIN CERTIFICATE-----
MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCB
hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQwMjEy
MDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
Q09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZh
bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAI7CAhnhoFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28Sh
bXcDow+G+eMGnD4LgYqbSRutA776S9uMIO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0
Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4TgllfQcBhglo/uLQeTnaG6
ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh7lgUq/51
UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0n
c13cRTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQY
MBaAFLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz
30O0Oija5zAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgG
BmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNv
bS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB
AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9E
T1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21v
ZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2p
mj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/
e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsItG8kO3KdY3RYPBps
P0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdoltMY
dVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc
2bXhc3js9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxG
V/Iz2tDIY+3GH5QFlkoakdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4
HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBmGqW5prU5wfWYQ//u+aen/e7KJD2AFsQX
j4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODcQgPmlKidrv0PJFGUzpII
0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje3WYkN5Ap
lBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf
+AZxAeKCINT+b72x
-----END CERTIFICATE-----
2 s:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci/ITeIjANBgkqhkiG9w0BAQwFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYD
VQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkq
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNw
AHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+XPmT5jR6
2RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr
ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt
4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIq
m1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/
vOldxJuvRZnio1oktLqpVj3Pb6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT
8dm74YlguIwoVqwUHZwK53Hrzw7dPamWoUi9PPevtQ0iTMARgexWO/bTouJbt7IE
IlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31BqVUa/oKMoYX9w0MOiqiwhqkfO
KJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKIf6MzOi5cHkERgWPO
GHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09XiidnMy/
s1Hap0flhFMCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g
JMtUGjAdBgNVHQ4EFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQD
AgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9
MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVy
bmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6
Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS/g/FfmoXQ
zbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfj
Jw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLY
Uspzgb8c8+a4bmYRBbMelC1/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5
B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI/V5eu+MtWuLt29G9Hvx
PUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vR
pu/xO28QOG8=
-----END CERTIFICATE-----
---
Server certificate
subject=OU = Domain Control Validated, CN = *.manitu.de
issuer=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA
Limited, CN = COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5741 bytes and written 386 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 5647EA0E9B48DD3AC0474941A2A3453A5BA3E3CD11650ACA5C72024C0991E840
Session-ID-ctx:
Resumption PSK: 5FB013801EE9FAFF81940DCD9B60DA6D1BB897385E6457F411B99AB573AB45C680B4675FBBA14121D3F9E3F3B9D49EB8
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - f0 92 f5 ea 57 92 98 bf-a7 d5 08 4d 40 2d 76 81 ....W......M at -v.
0010 - 4e bf 76 93 a0 cd 6e fd-19 d2 d0 8e ac ee 56 37 N.v...n.......V7
0020 - b9 3c 71 4f 50 7f f5 ea-a9 49 64 23 a2 1b 93 f1 .<qOP....Id#....
0030 - d2 ad 96 7d 12 1b 34 11-8c 25 f9 7f e1 a4 c9 a9 ...}..4..%......
0040 - 35 1c d3 60 8a 5f bb e1-01 f6 ca 8f 22 2b ad c2 5..`._......"+..
0050 - 20 a0 7f 8d 6a 60 5c 7d-89 10 23 02 be 50 bd d9 ...j`\}..#..P..
0060 - 44 6f b0 bd 39 a9 3e 3d-c1 a8 43 ba cf de 8e 5c Do..9.>=..C....\
0070 - 89 4f 6c b4 96 99 2a 79-4e fc 44 26 4a b6 20 f2 .Ol...*yN.D&J. .
0080 - 41 9c 4f f8 31 41 d2 83-63 9d 3e ad a3 af b1 af A.O.1A..c.>.....
0090 - 2e 78 01 a5 4e 38 c1 13-f9 e7 9e a9 26 30 15 ff .x..N8......&0..
00a0 - de 8e 90 6c cc c3 94 67-d8 d1 37 c6 06 43 c1 73 ...l...g..7..C.s
00b0 - 55 1e 44 bf 60 96 71 92-18 65 ec 0a 7f 48 5e bd U.D.`.q..e...H^.
00c0 - d6 e9 cf cf e2 f6 2c 13-e4 4a 20 94 6a e7 42 53 ......,..J .j.BS
00d0 - d6 16 27 a3 e2 b1 e5 c6-9d d5 a9 76 30 31 a9 2b ..'........v01.+
Start Time: 1590886172
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 1FF1B49AA77C472C39257D193150E58879093A685817315595E2847E5C4BE736
Session-ID-ctx:
Resumption PSK: 3119C350C531C16EB39BBAAFF6FDB51F0EABC2F26BC9873638EE5E6AFD0D13F2717FD75A17BBBA461D82345E5B5AE40C
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - f0 92 f5 ea 57 92 98 bf-a7 d5 08 4d 40 2d 76 81 ....W......M at -v.
0010 - 11 fc b0 60 ee 14 8f 20-9e ca 27 ca 50 47 72 cd ...`... ..'.PGr.
0020 - 72 99 71 fe f4 14 41 5b-1a 89 16 9a a1 be 06 15 r.q...A[........
0030 - 59 80 3a 91 a0 3f d4 f8-85 5e 09 1c 7b 7d 1d ad Y.:..?...^..{}..
0040 - 70 4d 5c 9b a7 9f 9b e8-e8 a7 39 d5 74 53 47 cd pM\.......9.tSG.
0050 - 6c aa 96 40 0a 63 ce cd-a8 cb 4d fb 45 77 c6 b1 l.. at .c....M.Ew..
0060 - f4 ff ed fb b9 5d 3f 75-36 62 70 50 f0 d0 42 e5 .....]?u6bpP..B.
0070 - ad c6 30 d4 80 e8 c3 6d-5c bd c8 fd 80 2f 0d fd ..0....m\..../..
0080 - da 1c 2a 43 ff 52 db 86-e2 63 fb a5 23 e4 e4 46 ..*C.R...c..#..F
0090 - 6d 1c f4 c9 20 ce a4 bf-1d dd b9 3d 70 88 a3 53 m... ......=p..S
00a0 - bc cb 0c 84 de 51 34 38-56 26 f5 e8 16 e4 77 fa .....Q48V&....w.
00b0 - 93 af 53 6f 22 44 98 c0-a5 46 f0 38 02 89 e4 e5 ..So"D...F.8....
00c0 - 05 f9 78 3f 43 da b6 71-0d a3 20 25 fe f0 c2 fc ..x?C..q.. %....
00d0 - c8 1f 73 05 4d 39 ab 24-e2 87 47 f5 52 e6 a5 e9 ..s.M9.$..G.R...
Start Time: 1590886172
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
###
lsb_release -rd
###
Description: Ubuntu 20.04 LTS
Release: 20.04
###
apt-cache policy mutt
###
mutt:
Installed: 1.13.2-1
Candidate: 1.13.2-1
Version table:
*** 1.13.2-1 500
500 http://us.archive.ubuntu.com/ubuntu focal/main amd64 Packages
100 /var/lib/dpkg/status
###
mutt -v
###
mutt -v
Mutt 1.13.2 (2019-12-18)
Copyright (C) 1996-2016 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.
System: Linux 5.4.0-31-generic (x86_64)
ncurses: ncurses 6.2.20200212 (compiled with 6.1)
libidn: 1.33 (compiled with 1.33)
hcache backend: tokyocabinet 1.4.48
Compiler:
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/9/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none:hsa
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 9.2.1-22ubuntu1' --with-bugurl=file:///usr/share/doc/gcc-9/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++,gm2 --prefix=/usr --with-gcc-major-version-only --program-suffix=-9 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-bootstrap --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib --with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none,hsa --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu --with-build-config=bootstrap-lto-lean --enable-link-mutex
Thread model: posix
gcc version 9.2.1 20191130 (Ubuntu 9.2.1-22ubuntu1)
Configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--
includedir=\${prefix}/include' '--mandir=\${prefix}/share/man' '--
infodir=\${prefix}/share/info' '--sysconfdir=/etc' '--
localstatedir=/var' '--disable-silent-rules' '--
libdir=\${prefix}/lib/x86_64-linux-gnu' '--
libexecdir=\${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-
mode' '--disable-dependency-tracking' '--with-mailpath=/var/mail'
'--enable-compressed' '--enable-debug' '--enable-fcntl' '--enable-
hcache' '--enable-gpgme' '--enable-imap' '--enable-smtp' '--enable-
pop' '--enable-sidebar' '--enable-nntp' '--enable-dotlock' '--disable-
fmemopen' '--with-curses' '--with-gnutls' '--with-gss' '--with-idn'
'--with-mixmaster' '--with-sasl' '--without-gdbm' '--without-bdb'
'--without-qdbm' '--with-tokyocabinet' 'build_alias=x86_64-linux-gnu'
'CFLAGS=-g -O2 -fdebug-prefix-map=/build/mutt-_5ZJBW/mutt-1.13.2=.
-fstack-protector-strong -Wformat -Werror=format-security'
'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS
=-Wdate-time -D_FORTIFY_SOURCE=2'
Compilation CFLAGS: -Wall -pedantic -Wno-long-long -g -O2 -fdebug-
prefix-map=/build/mutt-_5ZJBW/mutt-1.13.2=. -fstack-protector-strong
-Wformat -Werror=format-security
Compile options:
-DOMAIN
+DEBUG
-HOMESPOOL +USE_SETGID +USE_DOTLOCK +DL_STANDALONE +USE_FCNTL -USE_FLOCK
+USE_POP +USE_IMAP +USE_SMTP
-USE_SSL_OPENSSL +USE_SSL_GNUTLS +USE_SASL +USE_GSS +HAVE_GETADDRINFO
+HAVE_REGCOMP -USE_GNU_REGEX
+HAVE_COLOR +HAVE_START_COLOR +HAVE_TYPEAHEAD +HAVE_BKGDSET
+HAVE_CURS_SET +HAVE_META +HAVE_RESIZETERM +HAVE_FUTIMENS
+CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME +CRYPT_BACKEND_GPGME
-EXACT_ADDRESS -SUN_ATTACHMENT
+ENABLE_NLS -LOCALES_HACK +HAVE_WC_FUNCS +HAVE_LANGINFO_CODESET +HAVE_LANGINFO_YESEXPR
+HAVE_ICONV -ICONV_NONTRANS +HAVE_LIBIDN -HAVE_LIBIDN2 +HAVE_GETSID +USE_HCACHE
+USE_SIDEBAR +USE_COMPRESSED +USE_INOTIFY
-ISPELL
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/share/mutt"
SYSCONFDIR="/etc"
EXECSHELL="/bin/sh"
MIXMASTER="mixmaster"
To contact the developers, please mail to <mutt-dev at mutt.org>.
To report a bug, please contact the Mutt maintainers via gitlab:
https://gitlab.com/muttmua/mutt/issues
###
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mutt/+bug/1881449/+subscriptions
More information about the foundations-bugs
mailing list