Bug#961984: marked as done (pagekite: Embedded SSL certificate expired)

Tue, 02 Jun 2020 12:39:55 -0700 

Your message dated Tue, 02 Jun 2020 19:35:43 +0000
with message-id <e1jgchl-0006ok...@fasolo.debian.org>
and subject line Bug#961984: fixed in pagekite 1.5.2.200531-1
has caused the Debian Bug report #961984,
regarding pagekite: Embedded SSL certificate expired
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
961984: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961984
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: pagekite
Version: 0.5.6d-1
Severity: serious

Pagekite on my freedombox stopped working a few days ago.  After restart
I noticed this in the pagekite log from systemd:

mai 31 09:42:58 freedombox-betzy pagekite[3982]: ts=5ed36002; 
t=2020-05-31T07:42:58; ll=31; info=Failed to connect; 
FE=2a01:4f9:c010:ba1::1:443
mai 31 09:42:59 freedombox-betzy pagekite[3982]: ts=5ed36003; 
t=2020-05-31T07:42:59; ll=32; err=Error in connect: Traceback (most recent call 
last):   File "/usr/lib/python2.7/dist-packages/pagekite/proto/conns.py", line 
475, in _BackEnd     data, parse = self._Connect(server, conns)   File 
"/usr/lib/python2.7/dist-packages/pagekite/proto/conns.py", line 335, in 
_Connect     self.fd.connect((sspec[0], int(sspec[1])))   File 
"/usr/lib/python2.7/dist-packages/sockschain/__init__.py", line 1017, in 
connect     anonymous=(proxy[P_TYPE] == PROXY_TYPE_SSL_ANON))   File 
"/usr/lib/python2.7/dist-packages/sockschain/__init__.py", line 929, in 
__negotiatessl     connected=True, verify_names=want_hosts)   File 
"/usr/lib/python2.7/dist-packages/sockschain/__init__.py", line 118, in 
SSL_Connect     if verify_names: nsock.do_handshake()   File 
"/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 1915, in do_handshake   
  self._raise_ssl_error(self._ssl, result)   File 
"/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 1647, in 
_raise_ssl_error     _raise_current_error()   File 
"/usr/lib/python2.7/dist-packages/OpenSSL/_util.py", line 54, in 
exception_from_error_queue     raise exception_type(errors) Error: [('SSL 
routines', 'tls_process_server_certificate', 'certificate verify failed')]
mai 31 09:42:59 freedombox-betzy pagekite[3982]: ts=5ed36003; 
t=2020-05-31T07:42:59; ll=33; err=Server response parsing failed: [('SSL 
routines', 'tls_process_server_certificate', 'certificate verify failed')]; 
id=s1
mai 31 09:42:59 freedombox-betzy pagekite[3982]: ts=5ed36003; 
t=2020-05-31T07:42:59; ll=34; eof=1; id=s1
mai 31 09:42:59 freedombox-betzy pagekite[3982]: ts=5ed36003; 
t=2020-05-31T07:42:59; ll=35; info=Failed to connect; FE=95.216.158.189:443

I've been in contact with upstream, who pointed me to 
<URL: 
https://pagekite.wordpress.com/2020/05/30/tls-certificate-validation-issues/ >
explaining the situation.  Sunil is on the case to fix this.  A
workaround is to tell pagekite to use the Debian CA bundle.

I picked a very old version number, as this issue would be present also
in older Debian versions.  I ran into it using Buster (version
0.5.9.3-2), but it is also present in testing and unstable, and probably
every existing pagekite expect the latest upstream version.

Setting severity seriuos as this break the default installation of
pagekite.

-- 
Happy hacking
Petter Reinholdtsen

--- End Message ---
--- Begin Message --- 
Source: pagekite
Source-Version: 1.5.2.200531-1
Done: Federico Ceratto <feder...@debian.org>

We believe that the bug you reported is fixed in the latest version of
pagekite, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 961...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Federico Ceratto <feder...@debian.org> (supplier of updated pagekite package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 02 Jun 2020 20:10:56 +0100
Source: pagekite
Architecture: source
Version: 1.5.2.200531-1
Distribution: unstable
Urgency: medium
Maintainer: FreedomBox packaging team 
<freedombox-pkg-t...@lists.alioth.debian.org>
Changed-By: Federico Ceratto <feder...@debian.org>
Closes: 961984
Changes:
 pagekite (1.5.2.200531-1) unstable; urgency=medium
 .
   [ Sunil Mohan Adapa ]
   * New upstream release
   * Use Debian certificates instead of internal certificates. Fixes
     TLS failures when connecting to front-end servers due to expired
     certificates. (Closes: #961984)
Checksums-Sha1:
 33f8a6144522fef746c6fc9d1b2a4a9383ed61ce 2338 pagekite_1.5.2.200531-1.dsc
 c74b5c1c24244523f71354e8b59fcfcbef1f84dd 689882 
pagekite_1.5.2.200531.orig.tar.gz
 1425405af323a9d17d107344016fe463d66d9ba9 18156 
pagekite_1.5.2.200531-1.debian.tar.xz
 f2d9e849e2a2c73fa9d34eae16dd084703cc74a4 6125 
pagekite_1.5.2.200531-1_amd64.buildinfo
Checksums-Sha256:
 56b324ef3dce126ca847c86ad7ea9d194b89a42999b4231a3aefadf7dd5991d6 2338 
pagekite_1.5.2.200531-1.dsc
 0408879003e4b7d59525c82a79fb1e722c3fe80bda85e3853e3b84c4e2d59511 689882 
pagekite_1.5.2.200531.orig.tar.gz
 5ba717e965bc2a0589e99b098035519502b77183442934cfdd05f1642b70878f 18156 
pagekite_1.5.2.200531-1.debian.tar.xz
 6dc39defd3577be4b3618826be69a6b4fe5598bcafc39682b60516f919f0ec39 6125 
pagekite_1.5.2.200531-1_amd64.buildinfo
Files:
 a93853e65b91921f4d98f8a384e4d5b7 2338 net optional pagekite_1.5.2.200531-1.dsc
 b088622c87d89c9cd1411b2340788a20 689882 net optional 
pagekite_1.5.2.200531.orig.tar.gz
 082cf7940b82b38590b44c521b0fe98f 18156 net optional 
pagekite_1.5.2.200531-1.debian.tar.xz
 4de285d7fff3101bda4176c9c7987592 6125 net optional 
pagekite_1.5.2.200531-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfKfd+zM5IUCMbyuWbzG8RPUXfaoFAl7WpWEACgkQbzG8RPUX
faoJtQ//d0IwfOr+NP1nj5YFpb/b7y0Rdsv9xBMApKxtw359nnfBOaGPWYdXSmsl
gZQ8HUlR8sog44LYsZVmLggkwQZ1tChMrVcJ8CUt3afvytX0YhaigUYLacHXad4g
Y0pK2iu+c23KN778Dg4hlrDDvscOWc6+XUBdYOwVoy1WctCWGKVqY0Fs5yA5G3Gx
dUxjeC2SWm9pvjJYwnmaVqcCQsTTNBFxco7SzJWZFt5diC4lK8YJZXX0cd/sK3if
WULPkdjs7m07W/Y/3KLI4CFUXIXELMLpqK/0U6KEafw9ao6sguKo0CaatlX5dWJR
r6tXp99M4opTe2I7PcdpkDYpofbw2702HkTjdgk6n34pjYx96dW5ivRrydymKDUd
v7cP3ZtyRGpeATQHsLu7h1lg83O74hbImuYg/H3petNG66BhgIruo1QrfSaZ2Unt
dOkg+2nVubCdReUjXALFuMMrGvB2creArqUbzkoVkVVAnI79d1nXKdca7EkOVvaJ
iqxuzif0jEnZeq5dbPBFbVGhKb3UTjx16JavIdEK5u0usjDy5MlDgS1okwWizBr2
7D54YYnWLNOdP+jD5TGJnJ7uSZKhMciuAj/J6/WWIq2JrO/cZwoAmG8iA/Me/EEq
qJYSUrvrgKox7C/60rUTHYvj5uPlu076ISM4A42noTODWIMO21Y=
=AQvN
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to