Debian Bug report logs - #426013
exim4-daemon-heavy Base64 decoding error

Package: exim4-daemon-heavy; Maintainer for exim4-daemon-heavy is Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>; Source for exim4-daemon-heavy is src:exim4.

Reported by: Mark Adams <mark@campbell-lange.net>

Date: Fri, 25 May 2007 15:24:03 UTC

Severity: normal

Tags: help

Found in version exim4/4.63-17

Fixed in version 4.68-2

Done: Marc Haber <mh+debian-packages@zugschlus.de>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
New Bug report received and forwarded. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Mark Adams <mark@campbell-lange.net>
To: submit@bugs.debian.org
Subject: exim4-daemon-heavy Base64 decoding error
Date: Fri, 25 May 2007 16:21:36 +0100
Package: exim4-daemon-heavy
Version: 4.63-17

Hi,

Currently trying to setup SMTPS with a comodo ssl certificate. This is
an RSA cert encoded as Base64. The following error is received;

2007-05-13 22:02:17 TLS error on connection from myhost.net [217.147.xx.xx]
    (cert/key set up: cert=/etc/exim4/certificates/newserver_co_uk.crt
     key=/etc/exim4/certificates/newserver_co_uk.pem) : Base64 decoding error.

config used;

MAIN_TLS_ENABLE = yes
MAIN_TLS_PRIVATEKEY = /etc/exim4/certificates/newserver_co_uk.pem
MAIN_TLS_CERTIFICATE = /etc/exim4/certificates/newserver_co_uk.crt

Please advise if more information is required.

-- 
Mark Adams



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #10 received at 426013@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: Mark Adams <mark@campbell-lange.net>, 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Fri, 25 May 2007 19:32:14 +0200
On 2007-05-25 Mark Adams <mark@campbell-lange.net> wrote:
> Package: exim4-daemon-heavy
> Version: 4.63-17

> Hi,

> Currently trying to setup SMTPS with a comodo ssl certificate. This is
> an RSA cert encoded as Base64. The following error is received;

> 2007-05-13 22:02:17 TLS error on connection from myhost.net [217.147.xx.xx]
>     (cert/key set up: cert=/etc/exim4/certificates/newserver_co_uk.crt
>      key=/etc/exim4/certificates/newserver_co_uk.pem) : Base64 decoding error.
[...]

Is the key in PEM format?

If it is in PKCS#8 format (Notable by "-----BEGIN ENCRYPTED
PRIVATE KEY-----" instead of "BEGIN RSA PRIVATE KEY") converting
with openssl pkcs8 might help.

cu andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #15 received at 426013@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: Mark Adams <mark@campbell-lange.net>, 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Sat, 26 May 2007 08:52:19 +0200
On 2007-05-25 Mark Adams <mark@campbell-lange.net> wrote:
> On Fri, May 25, 2007 at 07:32:14PM +0200, Andreas Metzler wrote:
>> On 2007-05-25 Mark Adams <mark@campbell-lange.net> wrote:
[...]
>>> Currently trying to setup SMTPS with a comodo ssl certificate. This is
>>> an RSA cert encoded as Base64. The following error is received;

>>> 2007-05-13 22:02:17 TLS error on connection from myhost.net [217.147.xx.xx]
>>>     (cert/key set up: cert=/etc/exim4/certificates/newserver_co_uk.crt
>>>      key=/etc/exim4/certificates/newserver_co_uk.pem) : Base64 decoding error.
>> [...]

>> Is the key in PEM format?

>> If it is in PKCS#8 format (Notable by "-----BEGIN ENCRYPTED
>> PRIVATE KEY-----" instead of "BEGIN RSA PRIVATE KEY") converting
>> with openssl pkcs8 might help.


> Yes the key does begin with "BEGIN RSA PRIVATE KEY"

> I had noted the post regarding PKCS8, this sounds very much like the
> same issue except my key does appear to be RSA. Is there any way that I
> can confirm this?

If "openssl pkcs8  <  exim.key" works then the key is in PKCS8, otherwise
it is not and "openssl rsa  <  exim.key" should work.

Does 
openssl s_server -debug -key exim.key -cert exim.crt
work?
And how about
gnutls-serv --debug 5 --x509keyfile exim.key --x509certfile exim.crt
cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
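
An added example, not part of the thread and not code from exim, GnuTLS or OpenSSL: a small Python check that reports which PEM label a file carries (the distinction between "RSA PRIVATE KEY" and "ENCRYPTED PRIVATE KEY" described above) and whether each block's body is clean base64. The names `lint_pem`, `make_pem` and `SAMPLE_DER` and all sample data are constructed for illustration; the checks are generic PEM hygiene and are not a statement of what caused this bug.

```python
import base64
import binascii
import re
import sys

# The first two labels are the ones named in the thread; the others are common.
KINDS = {
    "RSA PRIVATE KEY": "traditional RSA key (read with: openssl rsa)",
    "ENCRYPTED PRIVATE KEY": "encrypted PKCS#8 key (read with: openssl pkcs8)",
    "PRIVATE KEY": "unencrypted PKCS#8 key",
    "CERTIFICATE": "X.509 certificate (read with: openssl x509)",
}

BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def lint_pem(data):
    """Return (file_problems, blocks) for the raw bytes of a PEM file.

    Each block is a dict with 'label', 'kind' and 'problems'. Only labels and
    findings are reported, never the key material itself.
    """
    file_problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        file_problems.append("UTF-8 byte order mark before the first BEGIN line")
    if b"\r" in data:
        file_problems.append("CR characters present (DOS line endings)")

    blocks = []
    for match in BLOCK.finditer(data):
        label = match.group(1).decode("ascii")
        body = match.group(2).replace(b"\r", b"")
        problems = []
        encrypted = False

        # Traditional passphrase-protected keys carry RFC 1421 style headers
        # (Proc-Type, DEK-Info) followed by a blank line before the base64 body.
        if b"\n\n" in body and b":" in body.split(b"\n\n", 1)[0]:
            headers, body = body.split(b"\n\n", 1)
            if b"ENCRYPTED" in headers:
                encrypted = True
                problems.append("key is passphrase-protected (Proc-Type header)")

        lines = body.split(b"\n")
        if lines and lines[-1] == b"":
            lines.pop()
        for number, line in enumerate(lines, 1):
            if line != line.rstrip(b" \t"):
                problems.append(f"line {number}: trailing whitespace")
            if re.search(rb"[^A-Za-z0-9+/= \t]", line):
                problems.append(f"line {number}: character outside the base64 alphabet")

        try:
            der = base64.b64decode(b"".join(l.strip() for l in lines), validate=True)
        except binascii.Error as exc:
            problems.append(f"base64 body does not decode: {exc}")
        else:
            # Certificates and unencrypted keys are DER SEQUENCEs (tag 0x30);
            # an encrypted traditional key body is ciphertext, so skip it.
            if not encrypted and not der.startswith(b"\x30"):
                problems.append("decoded data does not start with a DER SEQUENCE (0x30)")

        blocks.append({
            "label": label,
            "kind": KINDS.get(label, "unrecognised label"),
            "problems": problems,
        })

    if not blocks:
        file_problems.append("no PEM BEGIN/END block found")
    return file_problems, blocks


# Constructed placeholder bytes that merely start with a SEQUENCE tag; not a real key.
SAMPLE_DER = b"\x30\x0d" + bytes(range(13))


def make_pem(label, der, eol="\n"):
    """Wrap constructed DER bytes in a PEM block (helper for the sample data)."""
    b64 = base64.b64encode(der).decode("ascii")
    return f"-----BEGIN {label}-----{eol}{b64}{eol}-----END {label}-----{eol}".encode()


if __name__ == "__main__":
    # Usage: python3 lint_pem.py cert.crt key.pem
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            file_problems, blocks = lint_pem(handle.read())
        for problem in file_problems:
            print(f"{path}: {problem}")
        for block in blocks:
            print(f"{path}: {block['label']}: {block['kind']}")
            for problem in block["problems"]:
                print(f"{path}:   {problem}")
```

A file that passes these checks can still be rejected for other reasons; the `openssl s_server` and `gnutls-serv` tests suggested in the thread remain the functional check.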



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #20 received at 426013@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: Mark Adams <mark@campbell-lange.net>, 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Sun, 27 May 2007 10:43:45 +0200
On 2007-05-26 Mark Adams <mark@campbell-lange.net> wrote:
[...] 
>> Does 
>> openssl s_server -debug -key exim.key -cert exim.crt
>> work?
>> And how about
>> gnutls-serv --debug 5 --x509keyfile exim.key --x509certfile exim.crt

> Both of these appear to work fine;

> openssl response;
> Using default temp DH parameters
> Using default temp ECDH parameters
> ACCEPT


> gnutls response;
> Echo Server ready. Listening to port '5556'.

I know this might sound daft, but are you really running these tests with
the cert/key pair exim seems to have trouble with?
(/etc/exim4/certificates/newserver_co_uk.crt and
/etc/exim4/certificates/newserver_co_uk.pem)

cu andreas
PS: Please reply to 426013@bugs.debian.org
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #25 received at 426013@bugs.debian.org (full text, mbox):

From: Mark Adams <mark@campbell-lange.net>
To: Andreas Metzler <ametzler@downhill.at.eu.org>, 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Wed, 30 May 2007 20:37:04 +0100
...

On Sun, May 27, 2007 at 10:43:45AM +0200, Andreas Metzler wrote:
> On 2007-05-26 Mark Adams <mark@campbell-lange.net> wrote:
> [...] 
> >> Does 
> >> openssl s_server -debug -key exim.key -cert exim.crt
> >> work?
> >> And how about
> >> gnutls-serv --debug 5 --x509keyfile exim.key --x509certfile exim.crt
> 
> > Both of these appear to work fine;
> 
> > openssl response;
> > Using default temp DH parameters
> > Using default temp ECDH parameters
> > ACCEPT
> 
> 
> > gnutls response;
> > Echo Server ready. Listening to port '5556'.
> 
> I know this might sound daft, but are you really running these tests with
> the cert/key pair exim seems to have trouble with?
> (/etc/exim4/certificates/newserver_co_uk.crt and
> /etc/exim4/certificates/newserver_co_uk.pem)

Hi Andreas, I know you have to ask. Yes this is being run with the keys
that exim will show the 'Base64 decoding' error.

> 
> cu andreas

Regards,
Mark



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #30 received at 426013@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Mark Adams <mark@campbell-lange.net>, 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Thu, 7 Jun 2007 21:39:52 +0200
On Wed, May 30, 2007 at 08:37:04PM +0100, Mark Adams wrote:
> Hi Andreas, I know you have to ask. Yes this is being run with the keys
> that exim will show the 'Base64 decoding' error.

What happens when you use gnutls-serv and/or openssl s_server with
this certificate and connect to the server with the appropriate (or
the other) client?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #35 received at 426013@bugs.debian.org (full text, mbox):

From: Mark Adams <mark@campbell-lange.net>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Wed, 20 Jun 2007 16:47:27 +0100
Hi There,

When using gnutls-cli to connect to the client whilst running the
gnutls-server command I get the following response

- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS 1.0
- Key Exchange: DHE RSA
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: DEFLATE
- Handshake was completed

- Simple Client Mode:


Is it failing because of the first 2 responses? This doesn't seem to
relate to any "base64 decoding" error?

Thanks,
Mark

On Thu, Jun 07, 2007 at 09:39:52PM +0200, Marc Haber wrote:
> On Wed, May 30, 2007 at 08:37:04PM +0100, Mark Adams wrote:
> > Hi Andreas, I know you have to ask. Yes this is being run with the keys
> > that exim will show the 'Base64 decoding' error.
> 
> What happens when you use gnutls-serv and/or openssl s_server with
> this certificate and connect to the server with the appropriate (or
> the other) client?
> 
> Greetings
> Marc
> 
> -- 
> -----------------------------------------------------------------------------
> Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
> Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
> Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

-- 
Mark Adams
Technical Manager
Campbell-Lange Workshop Ltd
3 Tottenham Street W1T 2AF
telephone 02076311555
mobile 07809718932
mark@campbell-lange.net
www.campbell-lange.net




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #40 received at 426013@bugs.debian.org (full text, mbox):

From: Mark Adams <mark@campbell-lange.net>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Thu, 28 Jun 2007 11:42:39 +0100
This note was unclear. I meant,

"when using gnutls-cli to connect to the server whilst it is running the
gnutls-server command I get the following response" ..

How can I test this with openssl? Are there any other tests I can do to
help this issue?

Regards,
Mark

On Wed, Jun 20, 2007 at 04:47:27PM +0100, Mark Adams wrote:
> Hi There,
> 
> When using gnutls-cli to connect to the client whilst running the
> gnutls-server command I get the following response
> 
> - Peer's certificate issuer is unknown
> - Peer's certificate is NOT trusted
> - Version: TLS 1.0
> - Key Exchange: DHE RSA
> - Cipher: AES 256 CBC
> - MAC: SHA
> - Compression: DEFLATE
> - Handshake was completed
> 
> - Simple Client Mode:
> 
> 
> Is it failing because of the first 2 responses? This doesn't seem to
> relate to any "base64 decoding" error?
> 
> Thanks,
> Mark
> 
> On Thu, Jun 07, 2007 at 09:39:52PM +0200, Marc Haber wrote:
> > On Wed, May 30, 2007 at 08:37:04PM +0100, Mark Adams wrote:
> > > Hi Andreas, I know you have to ask. Yes this is being run with the keys
> > > that exim will show the 'Base64 decoding' error.
> > 
> > What happens when you use gnutls-serv and/or openssl s_server with
> > this certificate and connect to the server with the appropriate (or
> > the other) client?
> > 
> > Greetings
> > Marc
> > 
> > -- 
> > -----------------------------------------------------------------------------
> > Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
> > Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
> > Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #45 received at 426013@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Mark Adams <mark@campbell-lange.net>
Cc: 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Thu, 28 Jun 2007 13:15:33 +0200
On Wed, Jun 20, 2007 at 04:47:27PM +0100, Mark Adams wrote:
> When using gnutls-cli to connect to the client whilst running the
> gnutls-server command I get the following response
> 
> - Peer's certificate issuer is unknown
> - Peer's certificate is NOT trusted
> - Version: TLS 1.0
> - Key Exchange: DHE RSA
> - Cipher: AES 256 CBC
> - MAC: SHA
> - Compression: DEFLATE
> - Handshake was completed
> 
> - Simple Client Mode:
> 

When you type things in the client, do they show up in the server and
vice versa? Which command lines do you use?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #50 received at 426013@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Mark Adams <mark@campbell-lange.net>, 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Thu, 28 Jun 2007 13:17:11 +0200
On Thu, Jun 28, 2007 at 11:42:39AM +0100, Mark Adams wrote:
> This note was unclear. I meant,
> 
> "when using gnutls-cli to connect to the server whilst it is running the
> gnutls-server command I get the following response" ..

If gnutls_server can use the certificates that exim can't, the problem
is somewhere else. Is this a bought certificate, or can you issue a
severely time-limited test certificate to me so that I can try locally?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #55 received at 426013@bugs.debian.org (full text, mbox):

From: Mark Adams <mark@campbell-lange.net>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Thu, 28 Jun 2007 13:06:36 +0100
On Thu, Jun 28, 2007 at 01:15:33PM +0200, Marc Haber wrote:
> On Wed, Jun 20, 2007 at 04:47:27PM +0100, Mark Adams wrote:
> > When using gnutls-cli to connect to the client whilst running the
> > gnutls-server command I get the following response
> > 
> > - Peer's certificate issuer is unknown
> > - Peer's certificate is NOT trusted
> > - Version: TLS 1.0
> > - Key Exchange: DHE RSA
> > - Cipher: AES 256 CBC
> > - MAC: SHA
> > - Compression: DEFLATE
> > - Handshake was completed
> > 
> > - Simple Client Mode:
> > 
> 
> When you type things in the client, do they show up in the server and
> vice versa? Which command lines do you use?

When I type "hello" in the client (for instance) I get "hello" back in
the client. (see log below for server side responses)

When I type "hello" in the server, I get nothing back there, and nothing
in the client.

using gnutls-cli -p 5556 hostname

Apologies for long log here but I did not want to miss anything out.

Echo Server ready. Listening to port '5556'.

|<4>| REC[547060]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[547060]: Received Packet[0] Handshake(22) with length: 140
|<4>| REC[547060]: Decrypted Packet[0] Handshake(22) with length: 140
|<3>| HSK[547060]: CLIENT HELLO was received [140 bytes]
|<3>| HSK[547060]: Client's version: 3.2
|<2>| ASSERT: gnutls_db.c:327
|<2>| ASSERT: gnutls_db.c:247
|<3>| HSK[547060]: Selected Compression Method: DEFLATE
|<2>| EXT[547060]: Received extension 'CERT_TYPE'
|<2>| EXT[547060]: Received extension 'SERVER_NAME'
|<2>| ASSERT: gnutls_handshake.c:2674
|<3>| HSK[547060]: Removing ciphersuite: ANON_DH_ARCFOUR_MD5
|<2>| ASSERT: gnutls_handshake.c:2674
|<3>| HSK[547060]: Removing ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
|<2>| ASSERT: gnutls_handshake.c:2674
|<3>| HSK[547060]: Removing ciphersuite: ANON_DH_AES_128_CBC_SHA1
|<3>| HSK[547060]: Removing ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[547060]: Removing ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[547060]: Removing ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[547060]: Removing ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[547060]: Removing ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[547060]: Removing ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[547060]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[547060]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[547060]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[547060]: Keeping ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[547060]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[547060]: Keeping ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[547060]: Removing ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[547060]: Removing ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[547060]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<2>| ASSERT: gnutls_handshake.c:2674
|<3>| HSK[547060]: Removing ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<2>| ASSERT: gnutls_handshake.c:2674
|<3>| HSK[547060]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<2>| ASSERT: gnutls_handshake.c:2664
|<3>| HSK[547060]: Removing ciphersuite: RSA_EXPORT_ARCFOUR_40_MD5
|<3>| HSK[547060]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[547060]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[547060]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[547060]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[547060]: Selected cipher suite: RSA_AES_128_CBC_SHA1
|<3>| HSK[547060]: SessionID: ca761ceecc5a61803da38f461c324b39ac67e0e3c91ccc242cc7cfbcd621fd68
|<3>| HSK[547060]: SERVER HELLO was send [74 bytes]
|<4>| REC[547060]: Sending Packet[0] Handshake(22) with length: 74
|<4>| REC[547060]: Sent Packet[1] Handshake(22) with length: 79
|<4>| REC[547060]: Sent Packet[1] Handshake(22) with length: 79
|<3>| HSK[547060]: CERTIFICATE was send [1359 bytes]
|<4>| REC[547060]: Sending Packet[1] Handshake(22) with length: 1359
|<4>| REC[547060]: Sent Packet[2] Handshake(22) with length: 1364
|<3>| HSK[547060]: CERTIFICATE REQUEST was send [9 bytes]
|<4>| REC[547060]: Sending Packet[2] Handshake(22) with length: 9
|<4>| REC[547060]: Sent Packet[3] Handshake(22) with length: 14
|<3>| HSK[547060]: SERVER HELLO DONE was send [4 bytes]
|<4>| REC[547060]: Sending Packet[3] Handshake(22) with length: 4
|<4>| REC[547060]: Sent Packet[4] Handshake(22) with length: 9
|<2>| ASSERT: gnutls_buffers.c:289
|<2>| ASSERT: gnutls_buffers.c:1087
|<2>| ASSERT: gnutls_handshake.c:949
|<4>| REC[547060]: Expected Packet[1] Handshake(22) with length: 1
|<4>| REC[547060]: Received Packet[1] Handshake(22) with length: 7
|<4>| REC[547060]: Decrypted Packet[1] Handshake(22) with length: 7
|<3>| HSK[547060]: CERTIFICATE was received [7 bytes]
|<2>| ASSERT: auth_cert.c:882
|<2>| ASSERT: gnutls_buffers.c:289
|<2>| ASSERT: gnutls_buffers.c:1087
|<2>| ASSERT: gnutls_handshake.c:949
|<4>| REC[547060]: Expected Packet[2] Handshake(22) with length: 1
|<4>| REC[547060]: Received Packet[2] Handshake(22) with length: 134
|<4>| REC[547060]: Decrypted Packet[2] Handshake(22) with length: 134
|<3>| HSK[547060]: CLIENT KEY EXCHANGE was received [134 bytes]
|<4>| REC[547060]: Expected Packet[3] Change Cipher Spec(20) with length: 1
|<4>| REC[547060]: Received Packet[3] Change Cipher Spec(20) with length: 1
|<4>| REC[547060]: ChangeCipherSpec Packet was received
|<3>| HSK[547060]: Cipher Suite: RSA_AES_128_CBC_SHA1
|<3>| HSK[547060]: Initializing internal [read] cipher sessions
|<4>| REC[547060]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[547060]: Received Packet[0] Handshake(22) with length: 272
|<4>| REC[547060]: Decrypted Packet[0] Handshake(22) with length: 16
|<3>| HSK[547060]: FINISHED was received [16 bytes]
|<3>| REC[547060]: Sent ChangeCipherSpec
|<4>| REC[547060]: Sending Packet[4] Change Cipher Spec(20) with length: 1
|<4>| REC[547060]: Sent Packet[5] Change Cipher Spec(20) with length: 6
|<3>| HSK[547060]: Cipher Suite: RSA_AES_128_CBC_SHA1
|<3>| HSK[547060]: Initializing internal [write] cipher sessions
|<3>| HSK[547060]: FINISHED was send [16 bytes]
|<4>| REC[547060]: Sending Packet[0] Handshake(22) with length: 16
|<4>| REC[547060]: Sent Packet[1] Handshake(22) with length: 85

* connection from ::ffff:10.0.0.33, port 51960
- Given server name[1]: mail.myhost.net
- Certificate type: X.509
No certificates found!

- Peer did not send any certificate.
- Version: TLS 1.1
- Key Exchange: RSA
- Cipher: AES 128 CBC
- MAC: SHA                             
- Compression: DEFLATE
|<2>| ASSERT: gnutls_buffers.c:289
|<4>| REC[547060]: Expected Packet[1] Application Data(23) with length: 1024
|<4>| REC[547060]: Received Packet[1] Application Data(23) with length: 208
|<4>| REC[547060]: Decrypted Packet[1] Application Data(23) with length: 6
|<4>| REC[547060]: Sending Packet[1] Application Data(23) with length: 6
|<4>| REC[547060]: Sent Packet[2] Application Data(23) with length: 181
|<4>| REC[547060]: Expected Packet[2] Application Data(23) with length: 1024
|<4>| REC[547060]: Received Packet[2] Application Data(23) with length: 96
|<4>| REC[547060]: Decrypted Packet[2] Application Data(23) with length: 12
|<4>| REC[547060]: Sending Packet[2] Application Data(23) with length: 12
|<4>| REC[547060]: Sent Packet[3] Application Data(23) with length: 165

                  
> 
> Greetings
> Marc
> 

Regards,
Mark



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #60 received at 426013@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Mark Adams <mark@campbell-lange.net>, 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Sat, 30 Jun 2007 08:43:19 +0200
tags #426013 help
user exim4@packages.debian.org
usertags #426013 gnutls commercial-certificate
thanks

On Thu, Jun 28, 2007 at 01:06:36PM +0100, Mark Adams wrote:
> When I type "hello" in the client (for instance) I get "hello" back in
> the client. (see log below for server side responses)
> 
> When I type "hello" in the server, I get nothing back there, and nothing
> in the client.

I still do not see the exact command lines that were used to obtain
this output on both sides.

But it looks right, I forgot that gnutls-serv implements an echo
service.

I am afraid that I do not know what is going on here, and that locally
debugging would require me to purchase a certificate from your vendor
just to find out which options and encodings they use and why GnuTLS
does not grok them. I cannot afford doing this.

Tagging the bug accordingly.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190



Tags added: help Request was from Marc Haber <mh+debian-packages@zugschlus.de> to control@bugs.debian.org. (Sat, 30 Jun 2007 06:45:02 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #67 received at 426013@bugs.debian.org (full text, mbox):

From: Mark Adams <mark@campbell-lange.net>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Mon, 2 Jul 2007 11:13:41 +0100
On Sat, Jun 30, 2007 at 08:43:19AM +0200, Marc Haber wrote:
> I still do not see the exact command lines that were used to obtain
> this output on both sides.

For server;

gnutls-serv --debug 5 --x509keyfile myhost_net.key --x509certfile myhost_net.crt

And for Client;

gnutls-cli -p 5556 mail.myhost.net

> 
> But it looks right, I forgot that gnutls-serv implements an echo
> service.
> 
> I am afraid that I do not know what is going on here, and that locally
> debugging would require me to purchase a certificate from your vendor
> just to find out which options and encodings they use and why GnuTLS
> does not grok them. I cannot afford doing this.
> 

I am going to query the company to see if they can provide me with any
help. Is there anything you would like to know that I can ask them?

> Tagging the bug accordingly.
> 
> Greetings
> Marc

Thanks,
Mark

> 
> -- 



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #72 received at 426013@bugs.debian.org (full text, mbox):

From: Mark Adams <mark@campbell-lange.net>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Thu, 5 Jul 2007 11:49:12 +0100
Hi Marc,

You can obtain a free 90 day trial certificate from this company, see

http://www.instantssl.com/ssl-certificate-products/free-ssl-certificate.html

This is the company that I purchased my cert from, they are comodo
resellers

I would be very grateful if you would be interested in looking in to
this further.

Best Regards,
Mark

> 
> I am afraid that I do not know what is going on here, and that locally
> debugging would require me to purchase a certificate from your vendor
> just to find out which options and encodings they use and why GnuTLS
> does not grok them. I cannot afford doing this.
> 
> Tagging the bug accordingly.
> 
> Greetings
> Marc



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #77 received at 426013@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Mark Adams <mark@campbell-lange.net>
Cc: 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Mon, 9 Jul 2007 14:58:40 +0200
On Thu, Jul 05, 2007 at 11:49:12AM +0100, Mark Adams wrote:
> You can obtain a free 90 day trial certificate from this company, see
> 
> http://www.instantssl.com/ssl-certificate-products/free-ssl-certificate.html
> 
> This is the company that I purchased my cert from, they are comodo
> resellers
> 
> I would be very grateful if you would be interested in looking in to
> this further.

I have obtained a free certificate for torres.zugschlus.de and have
installed it on torres' exim. It seems to work fine. Please check with
torres.zugschlus.de on TCP/25 with STARTTLS for the next few days.

Just for the record, the private key I created starts with "-----BEGIN
RSA PRIVATE KEY-----", and openssl rsa is the only thing that works,
openssl pkcs8 complains: "18344:error:0906D06C:PEM
routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: ENCRYPTED
PRIVATE KEY"

It looks like a more specific issue that does not apply to all
certificates.

The fact that they do not have an "OpenSSL" field in their software
selection and insist that it is apache's mod_ssl that issues the
certificate request does not show extraordinary high knowhow.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #82 received at 426013@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Marc Haber <mh+debian-packages@zugschlus.de>, 426013@bugs.debian.org, 426013-submitter@bugs.debian.org
Cc: Mark Adams <mark@campbell-lange.net>
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Wed, 5 Sep 2007 20:27:36 +0200
On Mon, Jul 09, 2007 at 02:58:40PM +0200, Marc Haber wrote:
> I have obtained a free certificate for torres.zugschlus.de and have
> installed it on torres' exim. It seems to work fine. Please check with
> torres.zugschlus.de on TCP/25 with STARTTLS for the next few days.

I will change torres.zugschlus.de back to its normal certificate on
September 15 and would appreciate if you could do some testing before
this date.

Currently, the bug is unreproducible for me.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



Message sent on to Mark Adams <mark@campbell-lange.net>:
Bug#426013. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #90 received at 426013@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Marc Haber <mh+debian-packages@zugschlus.de>, 426013@bugs.debian.org, 426013-submitter@bugs.debian.org
Cc: Mark Adams <mark@campbell-lange.net>
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Tue, 4 Dec 2007 11:46:44 +0100
On Wed, Sep 05, 2007 at 08:27:36PM +0200, Marc Haber wrote:
> Currently, the bug is unreproducible for me.

Just for the record, the certificate/key that I used on my system were
ASCII text files with "0A" (LF only) line breaks, and contained no
non-ASCII chars by virtue of
| sudo cat /etc/exim4/tls/certs/comodo.crt /etc/exim4/tls/key/comodo.key | LANG=C grep '[^-+/=a-zA-Z0-9 ]'

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835




Message sent on to Mark Adams <mark@campbell-lange.net>:
Bug#426013. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #98 received at 426013@bugs.debian.org (full text, mbox):

From: Mark Adams <mark@campbell-lange.net>
To: Marc Haber <mh+debian-packages@zugschlus.de>, 426013-quiet@bugs.debian.org
Cc: 426013@bugs.debian.org, 426013-submitter@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Tue, 11 Dec 2007 11:16:43 +0000
Hello,

I have tried this again with the reissued certificate. Unfortunately the
same error still occurs.

It appears this must be something to do with the fact that this is a
wildcard certificate (*.domain.co.uk) as the exact configuration works
fine on other servers with single host certificates. (mail.domain.co.uk)

Mark

On Tue, Dec 04, 2007 at 11:46:44AM +0100, Marc Haber wrote:
> On Wed, Sep 05, 2007 at 08:27:36PM +0200, Marc Haber wrote:
> > Currently, the bug is unreproducible for me.
> 
> Just for the record, the certificate/key that I used on my system were
> ASCII text files with "0A" (LF only) line breaks, and contained no
> non-ASCII chars by virtue of
> | sudo cat /etc/exim4/tls/certs/comodo.crt /etc/exim4/tls/key/comodo.key | LANG=C grep '[^-+/=a-zA-Z0-9 ]'
> 
> Greetings
> Marc
> 
> -- 
> -----------------------------------------------------------------------------
> Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
> Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
> Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
> 
> 




Information stored:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
Extra info received and filed, but not forwarded. Full text and rfc822 format available.

Message sent on to Mark Adams <mark@campbell-lange.net>:
Bug#426013. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #111 received at 426013@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Mark Adams <mark@campbell-lange.net>, 426013@bugs.debian.org
Cc: 426013-quiet@bugs.debian.org, 426013-submitter@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Tue, 11 Dec 2007 12:41:13 +0100
On Tue, Dec 11, 2007 at 11:16:43AM +0000, Mark Adams wrote:
> I have tried this again with the reissued certificate. Unfortunately the
> same error still occurs.

Can you please verify whether your certificate and key use 0A (LF
only) line breaks and do not contain non-ASCII characters?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190




Information stored:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and filed, but not forwarded. Full text and rfc822 format available.

Message sent on to Mark Adams <mark@campbell-lange.net>:
Bug#426013. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #124 received at 426013@bugs.debian.org (full text, mbox):

From: Mark Adams <mark@campbell-lange.net>
To: Marc Haber <mh+debian-packages@zugschlus.de>, 426013-quiet@bugs.debian.org
Cc: 426013@bugs.debian.org, 426013-submitter@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Tue, 11 Dec 2007 13:01:41 +0000
Hello,

I have checked this, they are ASCII only with unix line endings.

Could it be something to do with the * ? (wildcard certificate)

Mark

On Tue, Dec 11, 2007 at 12:41:13PM +0100, Marc Haber wrote:
> On Tue, Dec 11, 2007 at 11:16:43AM +0000, Mark Adams wrote:
> > I have tried this again with the reissued certificate. Unfortunately the
> > same error still occurs.
> 
> Can you please verify whether your certificate and key use 0A (LF
> only) line breaks and do not contain non-ASCII characters?
> 
> Greetings
> Marc
> 
> -- 
> -----------------------------------------------------------------------------
> Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
> Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
> Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190
> 




Information stored:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
Extra info received and filed, but not forwarded. Full text and rfc822 format available.

Message sent on to Mark Adams <mark@campbell-lange.net>:
Bug#426013. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #137 received at 426013@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Mark Adams <mark@campbell-lange.net>, 426013@bugs.debian.org
Cc: 426013-quiet@bugs.debian.org, 426013-submitter@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Tue, 11 Dec 2007 14:14:50 +0100
On Tue, Dec 11, 2007 at 01:01:41PM +0000, Mark Adams wrote:
> I have checked this, they are ASCII only with unix line endings.
> 
> Could it be something to do with the * ? (wildcard certificate)

Possible. I'll see whether they'll issue me a test wildcard cert.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190




Information stored:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and filed, but not forwarded. Full text and rfc822 format available.

Message sent on to Mark Adams <mark@campbell-lange.net>:
Bug#426013. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+0636mail@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #150 received at 426013@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+0636mail@zugschlus.de>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: Mark Adams <mark@campbell-lange.net>, 426013@bugs.debian.org, 426013-quiet@bugs.debian.org, 426013-submitter@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Tue, 11 Dec 2007 14:21:48 +0100
On Tue, Dec 11, 2007 at 02:14:50PM +0100, Marc Haber wrote:
> On Tue, Dec 11, 2007 at 01:01:41PM +0000, Mark Adams wrote:
> > I have checked this, they are ASCII only with unix line endings.
> > 
> > Could it be something to do with the * ? (wildcard certificate)
> 
> Possible. I'll see whether they'll issue me a test wildcard cert.

They won't, and I do not have a budget to buy a test wildcard cert,
and a self-signed wildcard cert build in OpenSSL is read alright by
gnutls-serv. I am afraid we're out of luck here.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190




Information stored:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+0636mail@zugschlus.de>:
Extra info received and filed, but not forwarded. Full text and rfc822 format available.

Message sent on to Mark Adams <mark@campbell-lange.net>:
Bug#426013. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #163 received at 426013@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Mark Adams <mark@campbell-lange.net>
Cc: 426013@bugs.debian.org, Andreas Metzler <ametzler@downhill.at.eu.org>
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Mon, 24 Dec 2007 21:20:20 +0100
* Mark Adams:

>> I this might sound daft, but are you really running these tests with
>> the cert/key pair exim seems to have trouble with?
>> (/etc/exim4/certificates/newserver_co_uk.crt and
>> /etc/exim4/certificates/newserver_co_uk.pem)
>
> Hi Andreas, I know you have to ask. Yes this is being run with the keys
> that exim will show the 'Base64 decoding' error.

Could this be a permission issue?




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #168 received at 426013@bugs.debian.org (full text, mbox):

From: Mark Adams <mark@campbell-lange.net>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: "426013@bugs.debian.org" <426013@bugs.debian.org>, Andreas Metzler <ametzler@downhill.at.eu.org>
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Tue, 25 Dec 2007 20:00:58 +0000
No, permissions are correct. This seems to be a problem with wildcard  
SSL certs.

Mark.


On 24 Dec 2007, at 20:20, Florian Weimer <fw@deneb.enyo.de> wrote:

> * Mark Adams:
>
>>> I this might sound daft, but are you really running these tests with
>>> the cert/key pair exim seems to have trouble with?
>>> (/etc/exim4/certificates/newserver_co_uk.crt and
>>> /etc/exim4/certificates/newserver_co_uk.pem)
>>
>> Hi Andreas, I know you have to ask. Yes this is being run with the  
>> keys
>> that exim will show the 'Base64 decoding' error.
>
> Could this be a permission issue?




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to "Nikos Mavrogiannopoulos" <n.mavrogiannopoulos@gmail.com>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #173 received at 426013@bugs.debian.org (full text, mbox):

From: "Nikos Mavrogiannopoulos" <n.mavrogiannopoulos@gmail.com>
To: 426013@bugs.debian.org
Cc: gnutls-devel@gnu.org
Subject: Re: Problems with specific certificate/key (Debian Bug #426013)
Date: Fri, 4 Jan 2008 09:39:32 +0200
On Jan 3, 2008 2:36 AM, Marc Haber <mh+gnutls-devel@zugschlus.de> wrote:

> Hi,
>
> Simon writes:
> > Appears to be an unreproducible problem with a specific
> > certificate/key which the user cannot reveal. Another certificate/key
> > from the same CA works fine. Theory: could it be CRLF problems? Other
> > non-ASCII characters in the file? Nothing indicates a real GnuTLS
> > problem here.
> > Conclusion: Likely not a GnuTLS problem.
>
> I think that this conclusion was built too fast, but we do not have
> sufficient information to know this.
>
> The original reporter has said in the mean time that there are no
> non-ascii chars in the file and that there are no CRLF issues here.
> Currently, it is suspected that GnuTLS has issues with the fact that
> the certificate is a wildcard certificate.


By reading this report, I'm really curious which gnutls version is used, and
whether the gnutls-serv and exim are linked on the same version of gnutls.
Does this occur if exim is linked on gnutls 2.2?

regards,
Nikos

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Simon Josefsson <simon@josefsson.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #178 received at 426013@bugs.debian.org (full text, mbox):

From: Simon Josefsson <simon@josefsson.org>
To: Mark Adams <mark@campbell-lange.net>
Cc: 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Fri, 04 Jan 2008 12:22:51 +0100
Hi Mark!  I'm trying to help debug this problem.  Could you please post
the output from running:

certtool -i < /etc/exim4/certificates/newserver_co_uk.crt

Could you also check that

certtool -k < /etc/exim4/certificates/newserver_co_uk.pem

works?  Don't post the output, as that would compromise your private
key.

Do the files contain anything except one certificate and one private key
respectively?

The next step would be to install libgnutls-dbg and set a breakpoint on
gnutls_certificate_set_x509_key_file to see where it fails.

I'm trying to confirm that the problem only happens inside exim, and not
inside gnutls.  That seems strange, but the discussions in the bug
report earlier suggests this.

Fwiw, I believe this problem has nothing to do with a wildcard cert, the
code that fails reads:

  DEBUG(D_tls) debug_printf("certificate file = %s\nkey file = %s\n",
    cert_expanded, key_expanded);
  rc = gnutls_certificate_set_x509_key_file(x509_cred, CS cert_expanded,
    CS key_expanded, GNUTLS_X509_FMT_PEM);
  if (rc < 0)
    {
    uschar *msg = string_sprintf("cert/key setup: cert=%s key=%s",
      cert_expanded, key_expanded);
    return tls_error(msg, host, rc);
    }

That function does not care whether the certificate is a wildcard one.

/Simon
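
Added example, not part of the original thread and not Exim or GnuTLS code: a Python check for the file properties asked about in messages #90 and #178 (LF-only line endings, ASCII-only content, and whether each file holds only the expected PEM block). It goes beyond the grep one-liner by also decoding each block's Base64 body; the names lint_pem and sample_pem, the label sets and the sample data are assumptions constructed for illustration.

```python
import base64
import binascii
import re

BEGIN_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")
END_RE = re.compile(rb"-----END ([A-Z0-9 ]+)-----")
# PEM labels accepted for each kind of file (assumed sets for this example).
KINDS = {
    "certificate": {"CERTIFICATE", "X509 CERTIFICATE"},
    "key": {"RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY",
            "PRIVATE KEY", "ENCRYPTED PRIVATE KEY"},
}


def _check_body(label, body):
    """Decode the Base64 body of one block and sanity-check the DER inside."""
    try:
        der = base64.b64decode(b"".join(body), validate=True)
    except binascii.Error as exc:
        return [f"{label}: body is not valid Base64 ({exc})"]
    if not der.startswith(b"\x30"):
        return [f"{label}: decoded body does not start with an ASN.1 SEQUENCE"]
    return []


def lint_pem(data, expect):
    """Check PEM bytes; return (labels, problems). expect: 'certificate' or 'key'."""
    problems, labels = [], []
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 byte order mark before the first line")
        data = data[3:]
    if b"\r" in data:
        problems.append("CR bytes present: line endings are not LF only")
    current, body = None, []
    for number, raw in enumerate(data.split(b"\n"), start=1):
        line = raw.rstrip(b"\r")
        if any(byte < 0x20 or byte > 0x7e for byte in line):
            problems.append(f"line {number}: non-ASCII or control byte")
        text = line.strip(b" \t")
        if text != line:
            problems.append(f"line {number}: leading or trailing whitespace")
        begin, end = BEGIN_RE.fullmatch(text), END_RE.fullmatch(text)
        if begin:
            if current is not None:
                problems.append(f"line {number}: BEGIN inside open {current} block")
            current, body = begin.group(1).decode(), []
        elif end:
            label = end.group(1).decode()
            if label != current:
                problems.append(f"line {number}: END {label} does not close {current}")
            else:
                labels.append(label)
                problems.extend(_check_body(label, body))
            current = None
        elif current is not None:
            # Header lines such as Proc-Type/DEK-Info (passphrase-protected
            # legacy keys) contain ':' and are not part of the Base64 body.
            if text and b":" not in text:
                body.append(text)
        elif text:
            problems.append(f"line {number}: text outside any PEM block")
    if current is not None:
        problems.append(f"{current} block has no END line")
    wanted = KINDS[expect]
    if not any(label in wanted for label in labels):
        problems.append(f"no {expect} block found (labels: {labels})")
    for label in labels:
        if label not in wanted:
            problems.append(f"unexpected {label} block in {expect} file")
    return labels, problems


def sample_pem(label, newline="\n"):
    """Build a constructed PEM block (dummy DER-like bytes, not a real credential)."""
    payload = b"\x30\x82\x01\x00" + bytes(range(96))
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return newline.join([f"-----BEGIN {label}-----", *lines,
                         f"-----END {label}-----", ""]).encode()


if __name__ == "__main__":
    import sys
    # Usage: python3 lint_pem.py certificate|key FILE
    # Prints block labels and problems only, never the key material itself.
    with open(sys.argv[2], "rb") as handle:
        found, issues = lint_pem(handle.read(), sys.argv[1])
    print("blocks:", found)
    for issue in issues:
        print("problem:", issue)
    sys.exit(1 if issues else 0)
```

Because only labels and problem descriptions are printed, the result for a private key file can be pasted into a bug report without exposing the key.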




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #183 received at 426013@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Mark Adams <mark@campbell-lange.net>, 426013@bugs.debian.org, 426013-submitter@bugs.debian.org
Cc: Marc Haber <mh+debian-packages@zugschlus.de>, n.mavrogiannopoulos@gmail.com, simon@josefsson.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Tue, 19 Feb 2008 13:04:51 +0100
tags #426013 moreinfo
thanks

On Tue, Dec 25, 2007 at 08:00:58PM +0000, Mark Adams wrote:
> No, permissions are correct. This seems to be a problem with wildcard  
> SSL certs.

Hi Mark,

on January 4, Simon Josefsson and Nikos Mavrogiannopoulos, both of
which knowing a lot about GnuTLS, asked questions and gave hints how
to find out more about your certificate issues.

May I remind that the bug is not going to be isolated if you do not
reply? If you answer them, please be sure to Cc: them since I guess
that they are not on the bug distribution list.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835




Message sent on to Mark Adams <mark@campbell-lange.net>:
Bug#426013. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #191 received at 426013@bugs.debian.org (full text, mbox):

From: Mark Adams <mark@campbell-lange.net>
To: Simon Josefsson <simon@josefsson.org>
Cc: 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Mon, 25 Feb 2008 18:12:32 +0000
Hi Simon,

Apologies for the very late reply.

certtool works fine on the .crt file, but not on the .key - I get the
Base64 decoding error.

certtool: Import error: Base64 decoding error.

The file appears to be in the correct format.

Regards,
Mark


On Fri, Jan 04, 2008 at 12:22:51PM +0100, Simon Josefsson wrote:
> Hi Mark!  I'm trying to help debug this problem.  Could you please post
> the output from running:
> 
> certtool -i < /etc/exim4/certificates/newserver_co_uk.crt
> 
> Could you also check that
> 
> certtool -k < /etc/exim4/certificates/newserver_co_uk.pem
> 
> works?  Don't post the output, as that would compromise your private
> key.
> 
> Do the files contain anything except one certificate and one private key
> respectively?
> 
> The next step would be to install libgnutls-dbg and set a breakpoint on
> gnutls_certificate_set_x509_key_file to see where it fails.
> 
> I'm trying to confirm that the problem only happens inside exim, and not
> inside gnutls.  That seems strange, but the discussions in the bug
> report earlier suggests this.
> 
> Fwiw, I believe this problem has nothing to do with a wildcard cert, the
> code that fails reads:
> 
>   DEBUG(D_tls) debug_printf("certificate file = %s\nkey file = %s\n",
>     cert_expanded, key_expanded);
>   rc = gnutls_certificate_set_x509_key_file(x509_cred, CS cert_expanded,
>     CS key_expanded, GNUTLS_X509_FMT_PEM);
>   if (rc < 0)
>     {
>     uschar *msg = string_sprintf("cert/key setup: cert=%s key=%s",
>       cert_expanded, key_expanded);
>     return tls_error(msg, host, rc);
>     }
> 
> That function does not care whether the certificate is a wildcard one.
> 
> /Simon




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #196 received at 426013@bugs.debian.org (full text, mbox):

From: Mark Adams <mark@campbell-lange.net>
To: n.mavrogiannopoulos@gmail.com
Cc: 426013@bugs.debian.org, gnutls-devel@gnu.org, mh+debian-packages@zugschlus.de
Subject: Re: Problems with specific certificate/key (Debian Bug #426013)
Date: Wed, 27 Feb 2008 17:49:40 +0000
On Jan 3, 2008 2:36 AM, Marc Haber <mh+gnutls-devel@zugschlus.de> wrote:

> Hi,
>
> Simon writes:
> > Appears to be an unreproducible problem with a specific
> > certificate/key which the user cannot reveal. Another
> > certificate/key
> > from the same CA works fine. Theory: could it be CRLF problems?
> > Other
> > non-ASCII characters in the file? Nothing indicates a real GnuTLS
> > problem here.
> > Conclusion: Likely not a GnuTLS problem.
>
> I think that this conclusion was built too fast, but we do not have
> sufficient information to know this.
>
> The original reporter has said in the mean time that there are no
> non-ascii chars in the file and that there are no CRLF issues here.
> Currently, it is suspected that GnuTLS has issues with the fact that
> the certificate is a wildcard certificate.


>By reading this report, I'm really curious which gnutls version is used,
>and
>
>whether the gnutls-serv and exim are linked on the same version of
>gnutls.
>Does this occur if exim is linked on gnutls 2.2?
>

I'm using gnutls 2.0.4 at present (this is the current debian testing
version). Is it possibly a known issue with this version? I can not
install the new version at present, as this is a production server. I
will be able to test this if you think it will correct the issue.

For reference, gnutls-serv and gnutl-client work with this cert/key
pair. I can run the server fine using;

gnutls-serv --debug 5 --x509keyfile myhost_net.key --x509certfile myhost_net.crt

And the client can connect using;

gnutls-cli -p 5556 mail.myhost.net

however, when using certtool -i < my key file fails with the base 64
decoding error.

certtool: Import error: Base64 decoding error.


>
>regards,
>Nikos

Thanks for your interest,

Regards
Mark




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #201 received at 426013@bugs.debian.org (full text, mbox):

From: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
To: Mark Adams <mark@campbell-lange.net>
Cc: 426013@bugs.debian.org, gnutls-devel@gnu.org, mh+debian-packages@zugschlus.de
Subject: Re: Problems with specific certificate/key (Debian Bug #426013)
Date: Wed, 27 Feb 2008 23:07:02 +0200
Mark Adams wrote:
> On Jan 3, 2008 2:36 AM, Marc Haber <mh+gnutls-devel@zugschlus.de> wrote:

> I'm using gnutls 2.0.4 at present (this is the current debian testing
> version). Is it possibly a known issue with this version? I can not
> install the new version at present, as this is a production server. I
> will be able to test this if you think it will correct the issue.
> 
> For reference, gnutls-serv and gnutl-client work with this cert/key
> pair. I can run the server fine using;
> 
> gnutls-serv --debug 5 --x509keyfile myhost_net.key --x509certfile myhost_net.crt
> 
> And the client can connect using;
> 
> gnutls-cli -p 5556 mail.myhost.net
> 
> however, when using certtool -i < my key file fails with the base 64
> decoding error.

This is normal. The -i parameter only reads certificates. You should use 
the -k option to parse the key. Do you use the same file to hold the key 
and the certificate? Also in your tests please use the -d 2 parameter to 
 output more verbose information.

regards,
Nikos




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #206 received at 426013@bugs.debian.org (full text, mbox):

From: Mark Adams <mark@campbell-lange.net>
To: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Cc: 426013@bugs.debian.org, gnutls-devel@gnu.org, mh+debian-packages@zugschlus.de
Subject: Re: Problems with specific certificate/key (Debian Bug #426013)
Date: Thu, 28 Feb 2008 12:51:46 +0000
On Wed, Feb 27, 2008 at 11:07:02PM +0200, Nikos Mavrogiannopoulos wrote:
> Mark Adams wrote:
>> On Jan 3, 2008 2:36 AM, Marc Haber <mh+gnutls-devel@zugschlus.de> wrote:
>
>> I'm using gnutls 2.0.4 at present (this is the current debian testing
>> version). Is it possibly a known issue with this version? I can not
>> install the new version at present, as this is a production server. I
>> will be able to test this if you think it will correct the issue.
>>
>> For reference, gnutls-serv and gnutl-client work with this cert/key
>> pair. I can run the server fine using;
>>
>> gnutls-serv --debug 5 --x509keyfile myhost_net.key --x509certfile myhost_net.crt
>>
>> And the client can connect using;
>>
>> gnutls-cli -p 5556 mail.myhost.net
>>
>> however, when using certtool -i < my key file fails with the base 64
>> decoding error.
>
> This is normal. The -i parameter only reads certificates. You should use  
> the -k option to parse the key. Do you use the same file to hold the key  
> and the certificate? Also in your tests please use the -d 2 parameter to  
>  output more verbose information.
>
> regards,
> Nikos

Hi, I have run this and all appears fine, please advise what output you
require.

Please also advise what other tests I can run

Regards
Mark




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #211 received at 426013@bugs.debian.org (full text, mbox):

From: Mark Adams <mark@campbell-lange.net>
To: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Cc: 426013@bugs.debian.org, gnutls-devel@gnu.org, mh+debian-packages@zugschlus.de
Subject: Re: Problems with specific certificate/key (Debian Bug #426013)
Date: Thu, 28 Feb 2008 13:26:42 +0000
On Thu, Feb 28, 2008 at 12:51:46PM +0000, Mark Adams wrote:
> On Wed, Feb 27, 2008 at 11:07:02PM +0200, Nikos Mavrogiannopoulos wrote:
> > Mark Adams wrote:
> >> On Jan 3, 2008 2:36 AM, Marc Haber <mh+gnutls-devel@zugschlus.de> wrote:
> >
> >> I'm using gnutls 2.0.4 at present (this is the current debian testing
> >> version). Is it possibly a known issue with this version? I can not
> >> install the new version at present, as this is a production server. I
> >> will be able to test this if you think it will correct the issue.
> >>
> >> For reference, gnutls-serv and gnutl-client work with this cert/key
> >> pair. I can run the server fine using;
> >>
> >> gnutls-serv --debug 5 --x509keyfile myhost_net.key --x509certfile myhost_net.crt
> >>
> >> And the client can connect using;
> >>
> >> gnutls-cli -p 5556 mail.myhost.net
> >>
> >> however, when using certtool -i < my key file fails with the base 64
> >> decoding error.
> >
> > This is normal. The -i parameter only reads certificates. You should use  
> > the -k option to parse the key. Do you use the same file to hold the key  
> > and the certificate? Also in your tests please use the -d 2 parameter to  
> >  output more verbose information.
> >
> > regards,
> > Nikos
> 
> Hi, I have run this and all appears fine, please advise what output you
> require.
> 
> Please also advise what other tests I can run.
> 
> Regards
> Mark

I can confirm that it is the right format from this test;

Public Key Info:
        Public Key Algorithm: RSA

Mark




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #216 received at 426013@bugs.debian.org (full text, mbox):

From: Mark Adams <mark@campbell-lange.net>
To: Simon Josefsson <simon@josefsson.org>
Cc: 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Thu, 28 Feb 2008 13:28:03 +0000
On Fri, Jan 04, 2008 at 12:22:51PM +0100, Simon Josefsson wrote:
> Hi Mark!  I'm trying to help debug this problem.  Could you please post
> the output from running:
> 
> certtool -i < /etc/exim4/certificates/newserver_co_uk.crt
> 
> Could you also check that
> 
> certtool -k < /etc/exim4/certificates/newserver_co_uk.pem
> 
> works?  Don't post the output, as that would compromise your private
> key.
> 
> Do the files contain anything except one certificate and one private key
> respectively?
> 
> The next step would be to install libgnutls-dbg and set a breakpoint on
> gnutls_certificate_set_x509_key_file to see where it fails.
> 
> I'm trying to confirm that the problem only happens inside exim, and not
> inside gnutls.  That seems strange, but the discussions in the bug
> report earlier suggests this.
> 
> Fwiw, I believe this problem has nothing to do with a wildcard cert, the
> code that fails reads:
> 
>   DEBUG(D_tls) debug_printf("certificate file = %s\nkey file = %s\n",
>     cert_expanded, key_expanded);
>   rc = gnutls_certificate_set_x509_key_file(x509_cred, CS cert_expanded,
>     CS key_expanded, GNUTLS_X509_FMT_PEM);
>   if (rc < 0)
>     {
>     uschar *msg = string_sprintf("cert/key setup: cert=%s key=%s",
>       cert_expanded, key_expanded);
>     return tls_error(msg, host, rc);
>     }
> 
> That function does not care whether the certificate is a wildcard one.
> 
> /Simon

Hi Simon,

I have tried the tests and they work, can you please advise how to go
about setting a breakpoint as you suggest for the next test?

Thanks,
Mark




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Simon Josefsson <simon@josefsson.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #221 received at 426013@bugs.debian.org (full text, mbox):

From: Simon Josefsson <simon@josefsson.org>
To: Mark Adams <mark@campbell-lange.net>
Cc: 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Thu, 28 Feb 2008 14:58:36 +0100
Hi!  Looking over the entire bug report, I'm confused by the path names.
Early in your bug report the files were:

MAIN_TLS_PRIVATEKEY = /etc/exim4/certificates/newserver_co_uk.pem
MAIN_TLS_CERTIFICATE = /etc/exim4/certificates/newserver_co_uk.crt

This means the /etc/exim4/certificates/newserver_co_uk.crt file should
contain something like:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

and the /etc/exim4/certificates/newserver_co_uk.pem file should contain
something like:

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

Can you confirm that the files, respectively, have the proper headers?

If the files contain anything else but content like the above, that may
be the problem.

I don't understand what the .key file is.  Can you confirm that
'certtool -k /etc/exim4/certificates/newserver_co_uk.pem' works?

It is important to run the tests on the exact same files as the ones
used by exim.

Do you still get the exact same exim error message?  Note that if the
*.crt and *.pem filenames are mixed up, that would explain everything.

2007-05-13 22:02:17 TLS error on connection from myhost.net [217.147.xx.xx]
    (cert/key set up: cert=/etc/exim4/certificates/newserver_co_uk.crt
     key=/etc/exim4/certificates/newserver_co_uk.pem) : Base64 decoding error.

/Simon

Mark Adams <mark@campbell-lange.net> writes:

> Hi Simon,
>
> Apologies for the very late reply.
>
> certtool works fine on the .crt file, but not on the .key - I get the
> Base64 decoding error.
>
> certtool: Import error: Base64 decoding error.
>
> The file appears to be in the correct format.
>
> Regards,
> Mark
>
>
> On Fri, Jan 04, 2008 at 12:22:51PM +0100, Simon Josefsson wrote:
>> Hi Mark!  I'm trying to help debug this problem.  Could you please post
>> the output from running:
>> 
>> certtool -i < /etc/exim4/certificates/newserver_co_uk.crt
>> 
>> Could you also check that
>> 
>> certtool -k < /etc/exim4/certificates/newserver_co_uk.pem
>> 
>> works?  Don't post the output, as that would compromise your private
>> key.
>> 
>> Do the files contain anything except one certificate and one private key
>> respectively?
>> 
>> The next step would be to install libgnutls-dbg and set a breakpoint on
>> gnutls_certificate_set_x509_key_file to see where it fails.
>> 
>> I'm trying to confirm that the problem only happens inside exim, and not
>> inside gnutls.  That seems strange, but the discussions in the bug
>> report earlier suggests this.
>> 
>> Fwiw, I believe this problem has nothing to do with a wildcard cert, the
>> code that fails reads:
>> 
>>   DEBUG(D_tls) debug_printf("certificate file = %s\nkey file = %s\n",
>>     cert_expanded, key_expanded);
>>   rc = gnutls_certificate_set_x509_key_file(x509_cred, CS cert_expanded,
>>     CS key_expanded, GNUTLS_X509_FMT_PEM);
>>   if (rc < 0)
>>     {
>>     uschar *msg = string_sprintf("cert/key setup: cert=%s key=%s",
>>       cert_expanded, key_expanded);
>>     return tls_error(msg, host, rc);
>>     }
>> 
>> That function does not care whether the certificate is a wildcard one.
>> 
>> /Simon




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #226 received at 426013@bugs.debian.org (full text, mbox):

From: Mark Adams <mark@campbell-lange.net>
To: Simon Josefsson <simon@josefsson.org>
Cc: 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Thu, 28 Feb 2008 14:15:57 +0000
Hi Simon, Thanks for the reply.

Apologies for the confusion, I renamed .pem to .key in the middle of the
process for my own clarification. The Certificate file does look like
that, except it is much longer, at least twice as long. It starts with
the BEGIN line and ends with the END line.

The .key file also begins with the BEGIN RSA PRIVATE KEY and ends with
the right line. 

When I run certtool -k < newserver_co_uk.key the beginning starts with

Public Key Info:
        Public Key Algorithm: RSA

When I run certtool -i < newerver_co_uk.crt it begins with the following
output

X.509 Certificate Information:
        Version: 3
        Serial Number (hex): 78712b9b85f057731ea88fb1b9527153
        Issuer: C=US,ST=UT,L=Salt Lake City,O=The USERTRUST Network,OU=http://www.usertrust.com,CN=UTN-USERFirst-Hardware
        Validity:
                Not Before: Thu May 10 00:00:00 UTC 2007
                Not After: Sat May  9 23:59:59 UTC 2009
        Subject Public Key Algorithm: RSA

*NOTE* I have removed the Subject: line from this mail.

Best regards,
Mark

On Thu, Feb 28, 2008 at 02:58:36PM +0100, Simon Josefsson wrote:
> Hi!  Looking over the entire bug report, I'm confused by the path names.
> Early in your bug report the files were:
> 
> MAIN_TLS_PRIVATEKEY = /etc/exim4/certificates/newserver_co_uk.pem
> MAIN_TLS_CERTIFICATE = /etc/exim4/certificates/newserver_co_uk.crt
> 
> This means the /etc/exim4/certificates/newserver_co_uk.crt file should
> contain something like:
> 
> -----BEGIN CERTIFICATE-----
> -----END CERTIFICATE-----
> 
> and the /etc/exim4/certificates/newserver_co_uk.pem file should contain
> something like:
> 
> -----BEGIN RSA PRIVATE KEY-----
> -----END RSA PRIVATE KEY-----
> 
> Can you confirm that the files, respectively, have the proper headers?
> 
> If the files contain anything else but content like the above, that may
> be the problem.
> 
> I don't understand what the .key file is.  Can you confirm that
> 'certtool -k /etc/exim4/certificates/newserver_co_uk.pem' works?
> 
> It is important to run the tests on the exact same files as the ones
> used by exim.
> 
> Do you still get the exact same exim error message?  Note that if the
> *.crt and *.pem filenames are mixed up, that would explain everything.
> 
> 2007-05-13 22:02:17 TLS error on connection from myhost.net [217.147.xx.xx]
>     (cert/key set up: cert=/etc/exim4/certificates/newserver_co_uk.crt
>      key=/etc/exim4/certificates/newserver_co_uk.pem) : Base64 decoding error.
> 
> /Simon
> 
> Mark Adams <mark@campbell-lange.net> writes:
> 
> > Hi Simon,
> >
> > Apologies for the very late reply.
> >
> > certtool works fine on the .crt file, but not on the .key - I get the
> > Base64 decoding error.
> >
> > certtool: Import error: Base64 decoding error.
> >
> > The file appears to be in the correct format.
> >
> > Regards,
> > Mark
> >
> >
> > On Fri, Jan 04, 2008 at 12:22:51PM +0100, Simon Josefsson wrote:
> >> Hi Mark!  I'm trying to help debug this problem.  Could you please post
> >> the output from running:
> >> 
> >> certtool -i < /etc/exim4/certificates/newserver_co_uk.crt
> >> 
> >> Could you also check that
> >> 
> >> certtool -k < /etc/exim4/certificates/newserver_co_uk.pem
> >> 
> >> works?  Don't post the output, as that would compromise your private
> >> key.
> >> 
> >> Do the files contain anything except one certificate and one private key
> >> respectively?
> >> 
> >> The next step would be to install libgnutls-dbg and set a breakpoint on
> >> gnutls_certificate_set_x509_key_file to see where it fails.
> >> 
> >> I'm trying to confirm that the problem only happens inside exim, and not
> >> inside gnutls.  That seems strange, but the discussions in the bug
> >> report earlier suggests this.
> >> 
> >> Fwiw, I believe this problem has nothing to do with a wildcard cert, the
> >> code that fails reads:
> >> 
> >>   DEBUG(D_tls) debug_printf("certificate file = %s\nkey file = %s\n",
> >>     cert_expanded, key_expanded);
> >>   rc = gnutls_certificate_set_x509_key_file(x509_cred, CS cert_expanded,
> >>     CS key_expanded, GNUTLS_X509_FMT_PEM);
> >>   if (rc < 0)
> >>     {
> >>     uschar *msg = string_sprintf("cert/key setup: cert=%s key=%s",
> >>       cert_expanded, key_expanded);
> >>     return tls_error(msg, host, rc);
> >>     }
> >> 
> >> That function does not care whether the certificate is a wildcard one.
> >> 
> >> /Simon




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Simon Josefsson <simon@josefsson.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #231 received at 426013@bugs.debian.org (full text, mbox):

From: Simon Josefsson <simon@josefsson.org>
To: Mark Adams <mark@campbell-lange.net>
Cc: 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Thu, 28 Feb 2008 15:21:46 +0100
Mark Adams <mark@campbell-lange.net> writes:

> Hi Simon, Thanks for the reply.
>
> Apologies for the confusion, I renamed .pem to .key in the middle of the
> process for my own clarification. The Certificate file does look like
> that, except it is much longer, at least twice as long. It starts with
> the BEGIN line and ends with the END line.

Yeah, the size for a real certificate will likely be much larger.  That
was a short test certificate.

> The .key file also begins with the BEGIN RSA PRIVATE KEY and ends with
> the right line. 
>
> When I run certtool -k < newserver_co_uk.key the beginning starts with
>
> Public Key Info:
>         Public Key Algorithm: RSA
>
> When I run certtool -i < newerver_co_uk.crt it begins with the following
> output
>
> X.509 Certificate Information:
>         Version: 3
>         Serial Number (hex): 78712b9b85f057731ea88fb1b9527153
>         Issuer: C=US,ST=UT,L=Salt Lake City,O=The USERTRUST Network,OU=http://www.usertrust.com,CN=UTN-USERFirst-Hardware
>         Validity:
>                 Not Before: Thu May 10 00:00:00 UTC 2007
>                 Not After: Sat May  9 23:59:59 UTC 2009
>         Subject Public Key Algorithm: RSA

Excellent, thank you.  Could you also cut'n'paste your current exim
(MAIN_TLS_*) configuration?

Which exim version are you using?  Still 4.63-17?  It would help if you
could post a short snippet of an updated error message, with the new
filenames and so on.

When does the problem actually happen?  Does it happen on all TLS
sessions, or just some?

/Simon




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #236 received at 426013@bugs.debian.org (full text, mbox):

From: Mark Adams <mark@campbell-lange.net>
To: Simon Josefsson <simon@josefsson.org>
Cc: 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Mon, 3 Mar 2008 13:44:35 +0000
> 
> Excellent, thank you.  Could you also cut'n'paste your current exim
> (MAIN_TLS_*) configuration?
> 
> Which exim version are you using?  Still 4.63-17?  It would help if you
> could post a short snippet of an updated error message, with the new
> filenames and so on.
> 
> When does the problem actually happen?  Does it happen on all TLS
> sessions, or just some?
> 
> /Simon

All, This is now working as desired. I am using exactly the same
configuration as I detailed in my first post (it was commented, I
uncommented it.)

MAIN_TLS_ENABLE = yes
MAIN_TLS_PRIVATEKEY = /etc/exim4/certificates/newserver_co_uk.pem
MAIN_TLS_CERTIFICATE = /etc/exim4/certificates/newserver_co_uk.crt

Does anyone know if any recent updates could have corrected this
problem?

Regardless, I am very happy this is now working. Thanks to everyone that
has looked in to this for me and provided help.

Best regards,
Mark




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Simon Josefsson <simon@josefsson.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #241 received at 426013@bugs.debian.org (full text, mbox):

From: Simon Josefsson <simon@josefsson.org>
To: Mark Adams <mark@campbell-lange.net>
Cc: 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Mon, 03 Mar 2008 15:09:41 +0100
Mark Adams <mark@campbell-lange.net> writes:

>> 
>> Excellent, thank you.  Could you also cut'n'paste your current exim
>> (MAIN_TLS_*) configuration?
>> 
>> Which exim version are you using?  Still 4.63-17?  It would help if you
>> could post a short snippet of an updated error message, with the new
>> filenames and so on.
>> 
>> When does the problem actually happen?  Does it happen on all TLS
>> sessions, or just some?
>> 
>> /Simon
>
> All, This is now working as desired. I am using exactly the same
> configuration as I detailed in my first post (it was commented, I
> uncommented it.)
>
> MAIN_TLS_ENABLE = yes
> MAIN_TLS_PRIVATEKEY = /etc/exim4/certificates/newserver_co_uk.pem
> MAIN_TLS_CERTIFICATE = /etc/exim4/certificates/newserver_co_uk.crt
>
> Does anyone know if any recent updates could have corrected this
> problem?
>
> Regardless, I am very happy this is now working. Thanks to everyone that
> has looked in to this for me and provided help.

Great.  Thanks for discussing the problem.

I am not aware of any change in this area in a long time, but I may have
missed something that may not seem related.

For what it's worth, what is consistent with the error messages you got
was if you mixed up the private key filename and the certificate
filename in the configuration.  That's why I asked so many times about
filename consistency and double-checks.

/Simon




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #246 received at 426013@bugs.debian.org (full text, mbox):

From: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
To: Mark Adams <mark@campbell-lange.net>
Cc: 426013@bugs.debian.org, gnutls-devel@gnu.org, mh+debian-packages@zugschlus.de
Subject: Re: Problems with specific certificate/key (Debian Bug #426013)
Date: Mon, 03 Mar 2008 16:37:36 +0200
> All, This is now working as desired. I am using exactly the same
> configuration as I detailed in my first post (it was commented, I
> uncommented it.)
> 
> MAIN_TLS_ENABLE = yes
> MAIN_TLS_PRIVATEKEY = /etc/exim4/certificates/newserver_co_uk.pem
> MAIN_TLS_CERTIFICATE = /etc/exim4/certificates/newserver_co_uk.crt
> 
> Does anyone know if any recent updates could have corrected this
> problem?

The gnutls_certificate_set_x509_key_file() of 2.2.x series of gnutls can 
read PKCS8 private keys (when not encrypted). This might have been the 
issue.

However if you have indicated that your private key header started as 
"BEGIN PRIVATE KEY" you might have helped solve this much earlier :)

regards,
Nikos
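
Both explanations offered in this thread (swapped certificate/key filenames, and a key file whose header is "BEGIN PRIVATE KEY" rather than "BEGIN RSA PRIVATE KEY") can be checked from the PEM armor alone, without printing key material. The Python sketch below is an added example, not part of the original thread and not exim or GnuTLS code; the function names, finding codes and sample blocks are constructed for illustration, and it checks only armor labels and base64 validity, not the ASN.1 inside.

```python
import base64
import re
import sys

# PEM armor label -> what the block holds.
LABEL_KIND = {
    "CERTIFICATE": "certificate",
    "RSA PRIVATE KEY": "key-pkcs1",            # traditional RSA key
    "PRIVATE KEY": "key-pkcs8",                # unencrypted PKCS#8
    "ENCRYPTED PRIVATE KEY": "key-pkcs8-enc",  # encrypted PKCS#8
}
BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
END_RE = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")
HEADER_RE = re.compile(r"^[A-Za-z0-9-]+: ")    # e.g. "Proc-Type: 4,ENCRYPTED"


def _base64_ok(lines):
    data = "".join(lines)
    if not data:
        return False
    try:
        base64.b64decode(data, validate=True)
    except ValueError:                         # binascii.Error is a ValueError
        return False
    return True


def pem_blocks(text):
    """Return (blocks, stray): blocks is [(label, base64_ok, has_headers)],
    stray counts non-blank lines outside any armor."""
    blocks, stray, label, body, headers = [], 0, None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        end = END_RE.match(line)
        if label is None:
            m = BEGIN_RE.match(line)
            if m:
                label, body, headers = m.group(1), [], False
            elif line:
                stray += 1
        elif end and end.group(1) == label:
            blocks.append((label, _base64_ok(body), headers))
            label = None
        elif HEADER_RE.match(line):
            headers = True
        elif line:
            body.append(line)
    if label is not None:                      # BEGIN with no matching END
        blocks.append((label, False, headers))
    return blocks, stray


def diagnose(role, text):
    """role is 'certificate' or 'key'. Returns finding codes, empty if clean."""
    blocks, stray = pem_blocks(text)
    if not blocks:
        return ["no-pem"]
    kinds = [LABEL_KIND.get(label, "unknown") for label, _, _ in blocks]
    findings = []
    if stray:
        findings.append("stray-text")          # file holds more than the armor
    if not any(k.startswith(role) for k in kinds):
        findings.append("wrong-type")          # e.g. a key where a cert belongs
    if not all(ok for _, ok, _ in blocks):
        findings.append("bad-base64")
    if role == "key" and "key-pkcs8" in kinds:
        findings.append("pkcs8-key")           # header is "BEGIN PRIVATE KEY"
    if role == "key" and ("key-pkcs8-enc" in kinds
                          or any(h for _, _, h in blocks)):
        findings.append("encrypted-key")       # needs a passphrase to load
    return findings


def check_pair(cert_text, key_text):
    """Check the two files as configured and report a likely filename swap."""
    cert, key = diagnose("certificate", cert_text), diagnose("key", key_text)
    swapped = ("wrong-type" in cert and "wrong-type" in key
               and "wrong-type" not in diagnose("key", cert_text)
               and "wrong-type" not in diagnose("certificate", key_text))
    return {"cert": cert, "key": key, "swapped": swapped}


def _armor(label, payload):
    body = base64.encodebytes(payload).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"


# Constructed samples: dummy bytes inside real armor, not real key material.
SAMPLE_CERT = _armor("CERTIFICATE", b"constructed certificate bytes " * 4)
SAMPLE_PKCS1 = _armor("RSA PRIVATE KEY", b"constructed key bytes " * 4)
SAMPLE_PKCS8 = _armor("PRIVATE KEY", b"constructed key bytes " * 4)

if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: script.py <certificate file> <private key file>
    with open(sys.argv[1]) as c, open(sys.argv[2]) as k:
        print(check_pair(c.read(), k.read()))
```

Only finding codes are printed, so the result can be pasted into a bug report without exposing the key.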






Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #251 received at 426013@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Mark Adams <mark@campbell-lange.net>, 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Mon, 3 Mar 2008 18:41:05 +0100
On Mon, Mar 03, 2008 at 01:44:35PM +0000, Mark Adams wrote:
> All, This is now working as desired. I am using exactly the same
> configuration as I detailed in my first post (it was commented, I
> uncommented it.)
> 
> MAIN_TLS_ENABLE = yes
> MAIN_TLS_PRIVATEKEY = /etc/exim4/certificates/newserver_co_uk.pem
> MAIN_TLS_CERTIFICATE = /etc/exim4/certificates/newserver_co_uk.crt
> 
> Does anyone know if any recent updates could have corrected this
> problem?
> 
> Regardless, I am very happy this is now working. Thanks to everyone that
> has looked in to this for me and provided help.

If you send me the output of dpkg --list exim4-daemon-heavy, I can set
this bug to fixed with this version.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#426013; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Mark Adams <mark@campbell-lange.net>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #256 received at 426013@bugs.debian.org (full text, mbox):

From: Mark Adams <mark@campbell-lange.net>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: 426013@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Mon, 3 Mar 2008 17:45:45 +0000
On Mon, Mar 03, 2008 at 06:41:05PM +0100, Marc Haber wrote:
> On Mon, Mar 03, 2008 at 01:44:35PM +0000, Mark Adams wrote:
> > All, This is now working as desired. I am using exactly the same
> > configuration as I detailed in my first post (it was commented, I
> > uncommented it.)
> > 
> > MAIN_TLS_ENABLE = yes
> > MAIN_TLS_PRIVATEKEY = /etc/exim4/certificates/newserver_co_uk.pem
> > MAIN_TLS_CERTIFICATE = /etc/exim4/certificates/newserver_co_uk.crt
> > 
> > Does anyone know if any recent updates could have corrected this
> > problem?
> > 
> > Regardless, I am very happy this is now working. Thanks to everyone that
> > has looked in to this for me and provided help.
> 
> If you send me the output of dpkg --list exim4-daemon-heavy, I can set
> this bug to fixed with this version.

4.68-2

Thanks for your help and patience, Marc.

> 
> Greetings
> Marc

Best Regards,
Mark

> 
> -- 
> -----------------------------------------------------------------------------
> Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
> Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
> Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190





Reply sent to Marc Haber <mh+debian-packages@zugschlus.de>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Mark Adams <mark@campbell-lange.net>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #261 received at 426013-done@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Mark Adams <mark@campbell-lange.net>, 426013-done@bugs.debian.org
Subject: Re: Bug#426013: exim4-daemon-heavy Base64 decoding error
Date: Mon, 3 Mar 2008 18:54:44 +0100
Version: 4.68-2

On Mon, Mar 03, 2008 at 05:45:45PM +0000, Mark Adams wrote:
> On Mon, Mar 03, 2008 at 06:41:05PM +0100, Marc Haber wrote:
> > If you send me the output of dpkg --list exim4-daemon-heavy, I can set
> > this bug to fixed with this version.
> 
> 4.68-2

Closing appropriately.

> Thanks for your help and patience, Marc.

Thanks for being a helpful bug submitter.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 01 Apr 2008 07:27:10 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 03:43:18 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.