[questions] Old certificate chain being sent by list server

From: jgh@wizmail.org (Jeremy Harris)
Newsgroups: comp.protocols.time.ntp
Subject: [questions] Old certificate chain being sent by list server
Date: Wed, 15 Jun 2022 13:38:00 -0000 (UTC)
Organization: Taughannock Networks, Trumansburg NY
Message-ID: <5f5542a1-2b60-2c4d-8856-e6f2e98f0b0f@wizmail.org>
Reply-To: questions@lists.ntp.org
 by: Jeremy Harris - Wed, 15 Jun 2022 13:38 UTC

Hi,

My MTA is noting an expired certificate in the chain sent by
[204.93.207.17] :-

2022-06-15 13:01:55.660 +0000 [204.93.207.17] SSL verify error: depth=2 error=certificate has expired cert=/O=Digital Signature Trust Co./CN=DST Root CA X3
2022-06-15 13:01:55.660 +0000 [204.93.207.17] mail0.chi1.ntfo.org tls:cert depth=2 <CN=DST Root CA X3,O=Digital Signature Trust Co.>
2022-06-15 13:01:55.660 +0000 [204.93.207.17] SSL verify error: depth=1 error=certificate has expired cert=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
2022-06-15 13:01:55.660 +0000 [204.93.207.17] mail0.chi1.ntfo.org tls:cert depth=1 <CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US>
2022-06-15 13:01:55.660 +0000 [204.93.207.17] SSL verify error: depth=0 error=certificate has expired cert=/CN=mail0.chi1.ntfo.org
2022-06-15 13:01:55.660 +0000 [204.93.207.17] mail0.chi1.ntfo.org tls:cert depth=0 <CN=mail0.chi1.ntfo.org> <DNS=mail0.chi1.ntfo.org>

The top line there is the CA of the chain. I'm unclear if actually all the chain
layers really have expired, or if the failure is propagated from the CA level.

I think this is probably a client certificate chain, my MTA having requested one.

The X3 cert expired September 2021:
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
--
Cheers,
Jeremy
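
Added example (not part of the original post): a small parser for verify-error lines in the format quoted above, grouping them by peer and chain depth and classifying whether the peer's own certificate (depth 0) or only its issuers were reported as expired. The function names and category labels are illustrative assumptions; the sample lines are copied from the post.

```python
import re

# The six log lines from the post; only "SSL verify error" lines are parsed.
SAMPLE_LOG = """\
2022-06-15 13:01:55.660 +0000 [204.93.207.17] SSL verify error: depth=2 error=certificate has expired cert=/O=Digital Signature Trust Co./CN=DST Root CA X3
2022-06-15 13:01:55.660 +0000 [204.93.207.17] mail0.chi1.ntfo.org tls:cert depth=2 <CN=DST Root CA X3,O=Digital Signature Trust Co.>
2022-06-15 13:01:55.660 +0000 [204.93.207.17] SSL verify error: depth=1 error=certificate has expired cert=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
2022-06-15 13:01:55.660 +0000 [204.93.207.17] mail0.chi1.ntfo.org tls:cert depth=1 <CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US>
2022-06-15 13:01:55.660 +0000 [204.93.207.17] SSL verify error: depth=0 error=certificate has expired cert=/CN=mail0.chi1.ntfo.org
2022-06-15 13:01:55.660 +0000 [204.93.207.17] mail0.chi1.ntfo.org tls:cert depth=0 <CN=mail0.chi1.ntfo.org> <DNS=mail0.chi1.ntfo.org>
"""

VERIFY_ERROR = re.compile(
    r"\[(?P<peer>[^\]]+)\] SSL verify error: depth=(?P<depth>\d+) "
    r"error=(?P<error>.+?) cert=(?P<subject>/.+)$"
)
CN = re.compile(r"/CN=([^/]+)")


def parse_verify_errors(log_text):
    """Return {peer: {depth: (error, common_name)}} for every verify-error line."""
    peers = {}
    for line in log_text.splitlines():
        m = VERIFY_ERROR.search(line)
        if not m:
            continue  # tls:cert lines and anything else are ignored
        cn = CN.search(m["subject"])
        name = cn.group(1) if cn else m["subject"]
        peers.setdefault(m["peer"], {})[int(m["depth"])] = (m["error"], name)
    return peers


def triage(chain):
    """Classify one peer's chain by the depths where expiry was reported."""
    expired = [d for d, (err, _) in chain.items() if err == "certificate has expired"]
    if not expired:
        return "no-expiry-errors"
    if 0 in expired:
        return "leaf-expired"        # depth 0 is the peer's own certificate
    return "issuer-only-expired"     # only certificates above the leaf are flagged


if __name__ == "__main__":
    for peer, chain in parse_verify_errors(SAMPLE_LOG).items():
        print(peer, triage(chain))
        for depth in sorted(chain):
            print(f"  depth={depth} {chain[depth][1]}: {chain[depth][0]}")
```
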