feat: accept self-signed nauta.cu certificates #5953

Draft; wants to merge 1 commit into base: main

Collaborator

@link2xt link2xt commented Sep 4, 2024

This will allow users to enable strict TLS checks.

Collaborator Author

link2xt commented Sep 4, 2024

We need to get recent certificates for imap.nauta.cu and smtp.nauta.cu.
I added certificates from #1007 (comment), but they expired in 2022.

Collaborator Author

link2xt commented Sep 4, 2024

https://webmail.enet.cu/ has a Let's Encrypt certificate valid for imap.nauta.cu and smtp.nauta.cu, but it is not actually used for IMAP and SMTP servers. Here is a certificate chain downloaded with Firefox:


Collaborator Author

link2xt commented Sep 4, 2024

We need someone to run this and save certificates they see:

openssl s_client -starttls imap -servername imap.nauta.cu -starttls imap -showcerts imap.nauta.cu:143
openssl s_client -starttls smtp -servername smtp.nauta.cu -starttls smtp -showcerts smtp.nauta.cu:25

Collaborator

iequidoo commented Sep 4, 2024

Probably you mean

openssl s_client -starttls **imap** -servername imap.nauta.cu -starttls imap -showcerts imap.nauta.cu:143
openssl s_client -starttls smtp -servername smtp.nauta.cu -starttls smtp -showcerts smtp.nauta.cu:25

@link2xt link2xt marked this pull request as draft September 5, 2024 01:19
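
For the request above to run `openssl s_client -showcerts` and save the certificates seen: an added example, not code from this pull request or the project, that fingerprints the certificates in saved output from several people and checks that they all saw the same leaf before a self-signed certificate is accepted. The function names, reporter names and report contents are assumptions; the sample payloads are constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re
from collections import defaultdict

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)

def chain_fingerprints(s_client_output):
    """SHA-256 of each DER certificate, in the order the server sent them."""
    prints = []
    for body in PEM_RE.findall(s_client_output):
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def group_by_leaf(reports):
    """Map leaf fingerprint -> reporters who saw it (None: no cert found)."""
    groups = defaultdict(list)
    for reporter, output in reports.items():
        chain = chain_fingerprints(output)
        groups[chain[0] if chain else None].append(reporter)
    return dict(groups)

def reports_agree(reports, min_reporters=2):
    """True only if enough reports exist and all show the same leaf."""
    groups = group_by_leaf(reports)
    return len(groups) == 1 and None not in groups and len(reports) >= min_reporters

# Constructed sample data: placeholder bytes stand in for DER, so these are
# not real certificates and not the ones served by nauta.cu.
def make_report(*ders):
    out = "CONNECTED(00000003)\n---\nCertificate chain\n"
    for i, der in enumerate(ders):
        out += f" {i} s:CN = mail.example.invalid\n-----BEGIN CERTIFICATE-----\n"
        out += base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"
    return out + "---\n"

REPORTS = {
    "reporter-a": make_report(b"constructed leaf", b"constructed issuer"),
    "reporter-b": make_report(b"constructed leaf", b"constructed issuer"),
    "reporter-c": make_report(b"different leaf"),  # e.g. another network path
}

if __name__ == "__main__":
    for leaf, who in group_by_leaf(REPORTS).items():
        print(leaf, who)
    print("reports agree:", reports_agree(REPORTS))
```

A leaf fingerprint seen by only one reporter is a reason to collect more reports from other networks before trusting any of the certificates.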