Bug#1104296: marked as done (Net::SMTP::TLS fails when with hostname verification failed)

Wed, 07 May 2025 13:39:48 -0700 

Your message dated Wed, 07 May 2025 20:35:45 +0000
with message-id <[email protected]>
and subject line Bug#1104296: fixed in libnet-smtp-tls-perl 0.12-5
has caused the Debian Bug report #1104296,
regarding Net::SMTP::TLS fails when with hostname verification failed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1104296: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104296
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: libnet-smtp-tls-perl
Version: 0.12-4
Severity: important
Tags: patch

Hi,

after upgrading to Debian 12, some of our tooling fell over with
| Couldn't start TLS: hostname verification failed

Turns out, Net::SMTP::TLS does not provide the hostname to
the code that in the end tries to verify the CN, so that
code in turn ends up using the socket endpoint IP address.

To reproduce:


weasel@gander:~$ perl -MNet::SMTP::TLS -e '$smtp = 
Net::SMTP::TLS->new("mailly.debian.org")'
Couldn't start TLS: hostname verification failed
 at -e line 1.

This seems like it might be a sane fix:
--- TLS.pm      2025-04-28 14:22:13.523427780 +0200
+++ /usr/share/perl5/Net/SMTP/TLS.pm    2025-04-28 14:22:24.631519263 +0200
@@ -178,7 +178,7 @@
        if(not $num == 220){
                croak "Invalid response for STARTTLS: $num $txt\n";
        }
-       if(not IO::Socket::SSL::socket_to_SSL($me->{sock})){
+       if(not IO::Socket::SSL::socket_to_SSL($me->{sock}, 
SSL_verifycn_name=>$me->{Host})){
                        croak "Couldn't start TLS: 
".IO::Socket::SSL::errstr."\n";
        }
        $me->hello();

in sub starttls.

With that patch applied, things work:

weasel@gander:~$ perl -MNet::SMTP::TLS -e '$smtp = 
Net::SMTP::TLS->new("mailly.debian.org")'
weasel@gander:~$


Cheers,
-- 
                            |  .''`.       ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/

--- End Message ---
--- Begin Message --- 
Source: libnet-smtp-tls-perl
Source-Version: 0.12-5
Done: gregor herrmann <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libnet-smtp-tls-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann <[email protected]> (supplier of updated libnet-smtp-tls-perl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 07 May 2025 21:59:18 +0200
Source: libnet-smtp-tls-perl
Architecture: source
Version: 0.12-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <[email protected]>
Changed-By: gregor herrmann <[email protected]>
Closes: 1104296
Changes:
 libnet-smtp-tls-perl (0.12-5) unstable; urgency=medium
 .
   * Team upload.
   * Add patch to set the name used in hostname verification.
     Thanks to Peter Palfrader for the bug report and the patch.
     (Closes: #1104296)
   * Declare compliance with Debian Policy 4.7.2.
   * Set Rules-Requires-Root: no.
   * Annotate test-only build dependencies with <!nocheck>.
Checksums-Sha1:
 eb55b83aa7ec1c65a6a63c5bd3e14cdafb024c2c 2506 libnet-smtp-tls-perl_0.12-5.dsc
 1fda6c2042553753065236f02ba89d60ab7b0a29 3188 
libnet-smtp-tls-perl_0.12-5.debian.tar.xz
Checksums-Sha256:
 4447f26f044923f54605be87aee89dc6ee9981aab8cd4a2b3089db51835a01b6 2506 
libnet-smtp-tls-perl_0.12-5.dsc
 c59d850c222dd5798b16686796a64f150b84413e6cba56dae36a254f146013a8 3188 
libnet-smtp-tls-perl_0.12-5.debian.tar.xz
Files:
 f3c09934f428074c45b8d7a70c7b15e0 2506 perl optional 
libnet-smtp-tls-perl_0.12-5.dsc
 6d8ca4b666cd4210810ddf912d151c57 3188 perl optional 
libnet-smtp-tls-perl_0.12-5.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmgbvDRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgbH9w//XVUFnYdPV8vNUmaE5Bd5gBbglXJo7pBPyWK1ja8viw8ZZ1H/xUFcj9Jc
jdypR834nECgLU6RHmu/sxKPDr5kKJM+Z/2eu4olZw4kA4zhPbv3sjFa/SXjTaB9
32wy8ytA3ij4DShiK0LUYCTzQRreCvRz1zyeAPmIGdOd70pPzuZZ+31rGbvf8+nu
x0QW0WVAGo0+6vBctXW7kRGek6eqQZptf4mQdpxTDhVLZX5xq4UfEjBNoc4QxwpE
ghf4wlBPCDZPENSSf6AN99l9b0Sus5rbdTfgdEg2jGq6SOTNEjCHDiXC/jMLDtYu
iq0F1iO/Fj+1vhNIzskorF+Q9VNX2o5ZzICgbBux5FfkUPx33Y/buIz/DAkfMYen
sCV7VyaR60VqraiiAbYZAtZhDuZQDAAuXnaDfvns3NE6q7PeB1J6eOya26IAqh3T
79NNXa/H2DLQy5GQohmhfcnm3sVHiYDrq312oo8Q85uAuJ+lE6AEZWK4MTS1HS/0
sTgll9HzGUS6FPnpfVYaym7VhgusA6LRrOHeJtMmFagbsmhVbHwf0/8Vg4hsbxDw
2SXzUqd4CPcGd6RHHYEGDoriYuyEyKkcrymHQHmGGGkm4rUb3LjO5oVO/Nsxb72F
LvEhqPM0CH5mPxUBFoo6SfdTraQ466zk9l0bHyUteliAsQ42u+E=
=deuX
-----END PGP SIGNATURE-----

Attachment: pgpFbORJ_tRpw.pgp
Description: PGP signature


--- End Message ---

Reply via email to