Michael Meskes <[EMAIL PROTECTED]> writes: > On Tue, Nov 11, 2008 at 02:41:39PM +0100, Simon Josefsson wrote: >> ... >> and then press Ctrl-D, and cut'n'paste the output? I'm interested to >> see the certificate chain of the server. > > Here we go: > > * OK Dovecot ready. > . STARTTLS > . OK Begin TLS negotiation now. > *** Starting TLS handshake > - Ephemeral Diffie-Hellman parameters > - Using prime: 1032 bits > - Secret key: 1016 bits > - Peer's public key: 1024 bits > - Certificate type: X.509 > - Got a certificate list of 1 certificates. > > - Certificate[0] info: > # The hostname in the certificate does NOT match 'localhost'.
I think we have identified the problem, see: http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3216/focus=3230 That patch at least solves the vulnerability and the crash, so possibly it could be uploaded to debian to avoid further troubles until we have released a 2.6.2 with a good fix. /Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
