libssl problem : "invalid digest length" when connecting to outlook.office365.com:993

Tue, 13 Nov 2018 00:38:12 -0800 

Hi,

Moving the thread to bugs@ has it seems to be an issue with libssl.

When connecting with nc(1) to outlook.office365.com:993, on older system
is able to connect and verify the connection. On a recent system, the
handshake failed due to "invalid digest length".


on "old" -current (snapshot):
        OpenBSD 6.4-current (GENERIC.MP) #419: Wed Oct 31 18:14:06 MDT 2018

$ nc -vvc outlook.office365.com 993
Connection to outlook.office365.com 993 port [tcp/imaps] succeeded!
TLS handshake negotiated TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384 with host 
outlook.office365.com
Peer name: outlook.office365.com
Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=outlook.com
Issuer: /C=US/O=DigiCert Inc/CN=DigiCert Cloud Services CA-1
Valid From: Wed Aug  1 02:00:00 2018
Valid Until: Sat Aug  1 14:00:00 2020
Cert Hash: 
SHA256:47be4a2af4d726b98ad723eed11ec6cb7b58a9cae90d5638e96fb2b037f21fcd
OCSP URL: http://ocspx.digicert.com
OCSP Stapling: good
  response_status=0 cert_status=0 crl_reason=0
  this update: Tue Nov 13 00:24:08 2018
  next update: Mon Nov 19 23:39:08 2018
  revocation:
* OK The Microsoft Exchange IMAP4 service is ready. 
[QQBNADUAUABSADAANAAwADIAQwBBADAAMAAwADMALgBlAHUAcgBwAHIAZAAwADQALgBwAHIAbwBkAC4AbwB1AHQAbABvAG8AawAuAGMAbwBtAA==]


but on more recent system (manually built system):
        OpenBSD 6.4-current (GENERIC.MP) #18: Sun Nov 11 15:45:56 CET 2018

$ nc -vvc outlook.office365.com 993
Connection to outlook.office365.com 993 port [tcp/imaps] succeeded!
nc: tls handshake failed (handshake failed: error:04FFF08F:rsa 
routines:CRYPTO_internal:invalid digest length)

Something changed.

Thanks.
-- 
Sebastien Marie

On Tue, Nov 13, 2018 at 07:58:00AM +0000, Mikolaj Kucharski wrote:
> Hi,
> 
> I just upgraded base system to:
> 
> OpenBSD 6.4-current (GENERIC.MP) #437: Mon Nov 12 20:06:01 MST 2018
>     [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> 
> and all packages to the latest snapshot at the time:
> 
> $ pkg_info -f quirks | awk -F: '/digital-signature/ {print $2}'
> 2018-11-11T21
> 
> $ pkg_info -qI offlineimap
> offlineimap-7.2.1
> 
> I'm seeing this while OfflineIMAP 7.2.1 talks to outlook.office365.com:
> 
> 
> Establishing connection to outlook.office365.com:993 (Remote)
> ERROR: Unknown SSL protocol connecting to host 'outlook.office365.com' for 
> repository 'Remote'. OpenSSL responded:
> [SSL: BAD_SIGNATURE] bad signature (_ssl.c:730)
> 
> ..and connection closes. Is this known problem? I don't see this problem
> when OfflineIMAP talks to Google.
> 
> Regards,
>  Mikolaj
> 

-- 
Sebastien Marie

Reply via email to