Package: sendemail                                                      
Version: 1.56-5.1                                                       
Severity: normal                                                        
Tags: patch                                                             
             
Hi,

when using sendemail to send an email with
relay mail-submit.debian.org (uses starttls),
hostname verification fails -

$ sendEmail -o tls=yes -f "ur...@debian.org" \
            -t recip...@example.org -s mail-submit.debian.org:587 \
            -o message-file=/tmp/mail.txt \
            -xu urbec -xp the-password-is-always-password  \
            -u "Test email"
Jul 13 21:06:32 (...) sendEmail[11565]: ERROR => TLS setup failed: hostname verification failed
$

Non-recent versions of SSL.pm also showed the following error message -
Use of uninitialized value $2 in concatenation (.) or string at /usr/share/perl5/IO/Socket/SSL.pm line 792.

The current version in sid replaces the missing hostname
with the sender's IP, so no error message beyond
"hostname verification failed" anymore.

(versions before bookworm just allowed IP addresses as always verified,
but that's no longer the case)

The following patch passes the hostname -

Description: Fix TLS hostname verification.
Author: Unit 193 <unit...@debian.org>
Forwarded: no

--- sendemail-1.56.orig/sendEmail
+++ sendemail-1.56/sendEmail
@@ -1930,7 +1930,10 @@ if( $conf{'use_sendmail'} ) {
         if ($conf{'tls_server'} == 1 and $conf{'tls_client'} == 1 and 
$opt{'tls'} =~ /^(yes|auto)$/) {
             printmsg("DEBUG => Starting TLS", 2);
             if (SMTPchat('STARTTLS')) { quit($conf{'error'}, 1); }
-            if (! IO::Socket::SSL->start_SSL($SERVER, SSL_version => 
'SSLv23:!SSLv2')) {
+            if (! IO::Socket::SSL->start_SSL($SERVER,
+               SSL_version => 'TLSv12:!SSLv2',
+               SSL_verifycn_scheme => 'smtp',
+               SSL_verifycn_name => $conf{'server'})) {
                 quit("ERROR => TLS setup failed: " . 
IO::Socket::SSL::errstr(), 1);
             }
             printmsg("DEBUG => TLS: Using cipher: ". $SERVER->get_cipher(), 3);
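
Review bot: The SSL_version change from 'SSLv23:!SSLv2' to 'TLSv12:!SSLv2' in the start_SSL call is not covered by the Description ("Fix TLS hostname verification") and, as I read IO::Socket::SSL's SSL_version syntax, it restricts the handshake to TLS 1.2 only, so a relay that offers only TLS 1.3 or only older versions would no longer connect. Please split it into its own patch with its own rationale, or keep 'SSLv23' here and add explicit exclusions for the versions to be disabled. For SSL_verifycn_name => $conf{'server'}, the report invokes sendEmail with -s mail-submit.debian.org:587, so it is worth confirming that $conf{'server'} holds the bare hostname with the port already stripped at this point in the script; otherwise the name check would compare the certificate against "host:port". The description should also say that users who pass an IP address to -s will fail verification unless the certificate covers that IP, since the report notes that IP addresses are no longer treated as always verified.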
