Bug#926900: Processed: severity of 926900 is serious

To: Sandro Tosi <morph@debian.org>
Cc: 926900@bugs.debian.org, control@bugs.debian.org
Subject: Bug#926900: Processed: severity of 926900 is serious
From: Laurent Bigonville <bigon@debian.org>
Date: Fri, 26 Jan 2024 09:59:45 +0100
Message-id: <[🔎] 5f74fdc7-c560-4668-b188-ba6c4f65420f@debian.org>
Reply-to: Laurent Bigonville <bigon@debian.org>, 926900@bugs.debian.org
In-reply-to: <[🔎] CAB4XWXxBWNrSstpExB4WW3t5fkHTZtHrCaGtQJKFawRjCQA9cg@mail.gmail.com>
References: <1706117718-3799-bts-bigon@debian.org> <[🔎] handler.s.C.17061177301717726.transcript@bugs.debian.org> <[🔎] CAB4XWXw-yAKo4hrpsJBXA35eqAEvJwmy6TiN4W0LyW3iRtpFJQ@mail.gmail.com> <[🔎] 83452d7d-a5ae-4029-afa4-7693d8511656@debian.org> <[🔎] CAB4XWXxBWNrSstpExB4WW3t5fkHTZtHrCaGtQJKFawRjCQA9cg@mail.gmail.com> <248e05de-8420-1ff0-f5f3-05671a05b5ea@outerface.net>

Le 25/01/24 à 16:04, Sandro Tosi a écrit :

Well I raised this bug to serious as 1) I think these days, having non functional SSL is a real problem 2) mail-submit.debian.org (the SMTP server that can be used by DD to send mail with DKIM signature) is triggering this error.

We can argue over the severity, I think that this should be fixed ASAP

https://salsa.debian.org/reportbug-team/reportbug/-/blob/master/doc/README.Users?ref_type=heads#L200-202

I'm not sure why you are pointing me to this?

The problem is that reportbugs is not happy when trying to connect to some SMTP servers when using "smtptls" depending of their configuration, NOTHING to do with the BTS.

The SMTP server I mentioned here is just an example AND it works perfectly with the openssl command:

$ openssl s_client -connect mail-submit.debian.org:587 -starttls smtp
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = stravinsky.debian.org
verify return:1
---
Certificate chain
 0 s:CN = stravinsky.debian.org
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec  2 00:46:54 2023 GMT; NotAfter: Mar  1 00:46:53 2024 GMT
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGDzCCBPegAwIBAgISBLG1+0K75F9l9yqzoMGdBCvFMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzEyMDIwMDQ2NTRaFw0yNDAzMDEwMDQ2NTNaMCAxHjAcBgNVBAMT
FXN0cmF2aW5za3kuZGViaWFuLm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
AgoCggIBALtI7AqU8JfQYct7WM69VCUQo1trInbUPVZ61i4Nmqa7nzCCw8C+4GkF
+R8PQhjX3rGjK8NpLNruP+e7YbzrxR69OL9kZwXDFLhAwMn6OJ8UzoHwSeYstBLY
mHxBcuy+dDVsE9oZQXFqT+mpEPGhAR8ynmzekGpfItiFLX8LmS36QKUnL4es2v3V
jfhsZXNoS5dPM53nzuRaB3s2Vp7HAIxbT4PijEMTsfE0qdG3a5Qok5U/S+uE7fix
A3nQbCd+qvAIb0mhoedpUmiCfBUVpWFl6NLdiJxiKTJdH2f0F8xB9l/OnE8NlpXu
cqNP+wiw9AknBjH4xKYJP4BUVLlL4C5qiEvuIpAkqi4/EqHwWK+Z5njZfq7mWuSY
8fepsMiLxuMdvJCCg7T/bHrM7hFRyUewYvk/xFqYPEGW+Tv7kdwMU/CsiiGzAt6b
k6hfftixOJbguLFAnKRgvNy3cB5ZQ/ehOEjGTaF952lJgDPYOnUL8iO+hd9lkPJJ
JfRHpEZHUZ1U0T0vR9mEFPGF5rO5+NvlCImTyeLvVxFXdtoxVGApl9R9lxVXQHZI
mGivYdPlDGpBSxwxEN9AObpl/QelL8MR5eLQfjXN86sUTR66MgtCQ4/GJs+l69Wv
hFTBfGn1eDEo10I9qJVToV+5an0qWFPfH4q8/FZP/+wdEGwJgYHNAgMBAAGjggIv
MIICKzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHn9eJOpQZ+x7hjjPihPC4UuBaxl
MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkw
RzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAC
hhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMDgGA1UdEQQxMC+CFm1haWwtc3VibWl0
LmRlYmlhbi5vcmeCFXN0cmF2aW5za3kuZGViaWFuLm9yZzATBgNVHSAEDDAKMAgG
BmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1ADtTd3U+LbmAToswWwb+
QDtn2E/D9Me9AA0tcm/h+tQXAAABjCg1DJsAAAQDAEYwRAIgd8qYrzL27ecIMX5T
VUz9bqJGIwyPsl3ke4fEy2PFPlkCIFmY9E6jXE8gFLrOVV9lFSJN6MoRWY9mYg9Z
a1xNMaSqAHcA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAAAGMKDUM
rgAABAMASDBGAiEAykZgWprc6hA/rahTqXrU0jYyJKiceZly6WZGjhcfrwYCIQC4
tG+C8PJCr5QVhOU+MkNqHM2vXvZ/pOkMg8iN4oFzKzANBgkqhkiG9w0BAQsFAAOC
AQEAVKPeYIZ6ed64BjO8v2rwOw3H+bDO5gO13MV79FvJrS+7T4Lkw7poUprN9Iv1
VpAgq3g8P6mAKwBgo+zi00eQjYwtP/cdMQ1KiUDdtadCAsjgopsJ/Aucdd41wMV8
wPlVh60+VdrF3xBlxLnVLydUmrnI2PYTfzH1w/b47Jh48ITFRfbnHo0oXI4rUnEA
Bi4IhoGJCrSD8TyCHfeQzd1xMnIwB/Q6YAin716C3HlW486AyrlPkpSrag4YSNoW
eZUF8fucmRdYFQdOXE2kAVR11YK/uPvGd+b+MyX1RAx7Bd1TFUkdOziIgTMfC9Wb
bdUPIa+wZcviKUDRO45Y2Dl8NA==
-----END CERTIFICATE-----
subject=CN = stravinsky.debian.org
issuer=C = US, O = Let's Encrypt, CN = R3
---
Acceptable client certificate CA names
C = NA, ST = NA, L = Ankh Morpork, O = Debian SMTP, OU = Debian SMTP CA, CN = Debian SMTP CA, emailAddress = hostmaster@puppet.debian.org
Requested Signature Algorithms: RSA+SHA256:RSA-PSS+SHA256:RSA-PSS+SHA256:ECDSA+SHA256:Ed25519:RSA+SHA384:RSA-PSS+SHA384:RSA-PSS+SHA384:ECDSA+SHA384:Ed448:RSA+SHA512:RSA-PSS+SHA512:RSA-PSS+SHA512:ECDSA+SHA512:RSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA256:RSA-PSS+SHA256:RSA-PSS+SHA256:ECDSA+SHA256:Ed25519:RSA+SHA384:RSA-PSS+SHA384:RSA-PSS+SHA384:ECDSA+SHA384:Ed448:RSA+SHA512:RSA-PSS+SHA512:RSA-PSS+SHA512:ECDSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5584 bytes and written 467 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
250 HELP

This looks like an 100% issue with reportbug

Reply to:

References:
- Processed: severity of 926900 is serious
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Re: Processed: severity of 926900 is serious
  - From: Sandro Tosi <morph@debian.org>
- Re: Processed: severity of 926900 is serious
  - From: Laurent Bigonville <bigon@debian.org>
- Re: Processed: severity of 926900 is serious
  - From: Sandro Tosi <morph@debian.org>

Prev by Date: Processed: Re: Processed: severity of 926900 is serious
Next by Date: Bug#926900: sslv3 alert illegal parameter
Previous by thread: Processed: Re: Processed: severity of 926900 is serious
Next by thread: Bug#926900: sslv3 alert illegal parameter
Index(es):
- Date
- Thread