deltachat-core-rust
deltachat-core-rust copied to clipboard
Published
20 hours ago •
deltachat
deltachat
feat: accept self-signed nauta.cu certificates
We need to get recent certificates for imap.nauta.cu and smtp.nauta.cu I added certificates from https://github.com/deltachat/deltachat-core-rust/issues/1007#issuecomment-564351730, but they are expired in 2022.
https://webmail.enet.cu/ has a Let's Encrypt certificate valid for imap.nauta.cu and smtp.nauta.cu, but it is not actually used for IMAP and SMTP servers. Here is a certificate chain downloaded with Firefox:
-----BEGIN CERTIFICATE-----
MIIGZjCCBU6gAwIBAgISAybV4OM3UnpqYOdagZ3Rr3PkMA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTEwHhcNMjQwODIzMDkwMzA4WhcNMjQxMTIxMDkwMzA3WjASMRAwDgYDVQQD
EwdlbmV0LmN1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0W37LgyN
4F80BJmAexgZDzN3fw5EexFw/0GFdWhktci4bdZTAROiJVVeQ8oRn1XFqevsh6pk
XjNkRzlO8wGu100wjus7chG0XizfTi/9zGUhl6VnUxD1MmJJ7wuWITk8GO+z/K5m
+mSkKm1b7URa6OM+pcHvXL9oYbONrE+8RN6Tdl4vxAVn0WlnG34fI+VopguW1+/p
S/FrwdojbmcR2yYwbTH+ORApPMxGdi0Gv3Xa5zllFFTTXB9TGOtcLPnZVu3CnSUs
LAGy2mdtnQbWRroKk7sJ/M1KwCueYTlgBJDQEpwWq2Z9+uGpRWU7s7HFOZad0qP6
NRHf//W4hSmrKQIDAQABo4IDkzCCA48wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQP
cBW3PG5LTvghs/XaQ76wiX6lHDAfBgNVHSMEGDAWgBTFz0ak6vTDwHpslcQtsF6S
LybjuTBXBggrBgEFBQcBAQRLMEkwIgYIKwYBBQUHMAGGFmh0dHA6Ly9yMTEuby5s
ZW5jci5vcmcwIwYIKwYBBQUHMAKGF2h0dHA6Ly9yMTEuaS5sZW5jci5vcmcvMIIB
mAYDVR0RBIIBjzCCAYuCB2VuZXQuY3WCDWhvcmRlLmVuZXQuY3WCDmhvcmRlLm5h
dXRhLmN1ggxpbWFwLmVuZXQuY3WCDWltYXAubmF1dGEuY3WCDWltYXBzLmVuZXQu
Y3WCDmltYXBzLm5hdXRhLmN1gghuYXV0YS5jdYILcG9wLmVuZXQuY3WCDHBvcC5u
YXV0YS5jdYIMcG9wMy5lbmV0LmN1gg1wb3AzLm5hdXRhLmN1gg1wb3Azcy5lbmV0
LmN1gg5wb3Azcy5uYXV0YS5jdYIMcG9wcy5lbmV0LmN1gg1wb3BzLm5hdXRhLmN1
gg5wb3J0YWwuZW5ldC5jdYIPcG9ydGFsLm5hdXRhLmN1ggxzbXRwLmVuZXQuY3WC
DXNtdHAubmF1dGEuY3WCDXNtdHBzLmVuZXQuY3WCDnNtdHBzLm5hdXRhLmN1gg93
ZWJtYWlsLmVuZXQuY3WCEHdlYm1haWwubmF1dGEuY3WCEnd3dy5wb3J0YWwuZW5l
dC5jdYITd3d3LnBvcnRhbC5uYXV0YS5jdTATBgNVHSAEDDAKMAgGBmeBDAECATCC
AQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AEiw42vapkc0D+VqAvqdMOscUgHLVt0s
gdm7v6s52IRzAAABkX6vORoAAAQDAEgwRgIhAMJtiD90SYyOjIzF/lR5N3G4V0aN
JWETDr0EeC+gv9baAiEAifPyx3byvfKa2pKSdS6XgmIUemc8BCCrfglD3Avq+UcA
dQDf4VbrqgWvtZwPhnGNqMAyTq5W2W6n9aVqAdHBO75SXAAAAZF+rzo1AAAEAwBG
MEQCIGMl1uhbc+h6bAF6gePruN5uoz4dGAC50EJZ2sTh5XRHAiBG0U9glbDweC4o
0sqznO6DTsqH4H4/vHcl45gzx2ll9DANBgkqhkiG9w0BAQsFAAOCAQEARlfMvcVy
PkyZeUKjm19ko1j8B264RQogQjve4jVTWSJ4B/vu8yGZyXRVYmLk2es1w1RFzZuo
VAzTKl4pPsuAQnh+c3RC+QGuSbkAwJdg3qnVrI55XN2sungSDZBTX/wO0OilWsJS
OdkOLs1BoD6T5HxVQhh+I+3VQHULxpkhqCq+jKh7++yBVCsNSVl8ZJV8zpmwZbsn
LPkjxD5Gh6JtyYcmqRej55r1k6ZVBG7rHHCufC0+oDt8WyOta0WZwkkrvpoDcqNJ
rPqOYyF1N+35pyfDLhNeN2LQAxpR8vqvTSj34ubiWwHyCs2ucf3QX4eo/9+YJGWW
gZpDhcYkE+//JA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFBjCCAu6gAwIBAgIRAIp9PhPWLzDvI4a9KQdrNPgwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
WhcNMjcwMzEyMjM1OTU5WjAzMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDEMMAoGA1UEAxMDUjExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAuoe8XBsAOcvKCs3UZxD5ATylTqVhyybKUvsVAbe5KPUoHu0nsyQYOWcJ
DAjs4DqwO3cOvfPlOVRBDE6uQdaZdN5R2+97/1i9qLcT9t4x1fJyyXJqC4N0lZxG
AGQUmfOx2SLZzaiSqhwmej/+71gFewiVgdtxD4774zEJuwm+UE1fj5F2PVqdnoPy
6cRms+EGZkNIGIBloDcYmpuEMpexsr3E+BUAnSeI++JjF5ZsmydnS8TbKF5pwnnw
SVzgJFDhxLyhBax7QG0AtMJBP6dYuC/FXJuluwme8f7rsIU5/agK70XEeOtlKsLP
Xzze41xNG/cLJyuqC0J3U095ah2H2QIDAQABo4H4MIH1MA4GA1UdDwEB/wQEAwIB
hjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwEgYDVR0TAQH/BAgwBgEB
/wIBADAdBgNVHQ4EFgQUxc9GpOr0w8B6bJXELbBeki8m47kwHwYDVR0jBBgwFoAU
ebRZ5nu25eQBc4AIiMgaWPbpm24wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAC
hhZodHRwOi8veDEuaS5sZW5jci5vcmcvMBMGA1UdIAQMMAowCAYGZ4EMAQIBMCcG
A1UdHwQgMB4wHKAaoBiGFmh0dHA6Ly94MS5jLmxlbmNyLm9yZy8wDQYJKoZIhvcN
AQELBQADggIBAE7iiV0KAxyQOND1H/lxXPjDj7I3iHpvsCUf7b632IYGjukJhM1y
v4Hz/MrPU0jtvfZpQtSlET41yBOykh0FX+ou1Nj4ScOt9ZmWnO8m2OG0JAtIIE38
01S0qcYhyOE2G/93ZCkXufBL713qzXnQv5C/viOykNpKqUgxdKlEC+Hi9i2DcaR1
e9KUwQUZRhy5j/PEdEglKg3l9dtD4tuTm7kZtB8v32oOjzHTYw+7KdzdZiw/sBtn
UfhBPORNuay4pJxmY/WrhSMdzFO2q3Gu3MUBcdo27goYKjL9CTF8j/Zz55yctUoV
aneCWs/ajUX+HypkBTA+c8LGDLnWO2NKq0YD/pnARkAnYGPfUDoHR9gVSp/qRx+Z
WghiDLZsMwhN1zjtSC0uBWiugF3vTNzYIEFfaPG7Ws3jDrAMMYebQ95JQ+HIBD/R
PBuHRTBpqKlyDnkSHDHYPiNX3adPoPAcgdF3H2/W0rmoswMWgTlLn1Wu0mrks7/q
pdWfS6PJ1jty80r2VKsM/Dj3YIDfbjXKdaFU5C+8bhfJGqU3taKauuz0wHVGT3eo
6FlWkWYtbt4pgdamlwVeZEW+LM7qZEJEsMNPrfC03APKmZsJgpWCDWOKZvkZcvjV
uYkQ4omYCTX5ohy+knMjdOmdH9c7SpqEWBDC86fiNex+O0XOMEZSa8DA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----
We need someone to run this and save certificates they see:
openssl s_client -starttls imap -servername imap.nauta.cu -starttls imap -showcerts imap.nauta.cu:143
openssl s_client -starttls smtp -servername smtp.nauta.cu -starttls smtp -showcerts smtp.nauta.cu:25
Probably you mean
openssl s_client -starttls **imap** -servername imap.nauta.cu -starttls imap -showcerts imap.nauta.cu:143 openssl s_client -starttls smtp -servername smtp.nauta.cu -starttls smtp -showcerts smtp.nauta.cu:25
This can be revived if someone gets us non-expired current certificate. But maybe they just use an expired certificate. Also may be not worth it because messages between nauta.cu and some email servers are reportedly not delivered reliably.