Package: fetchmail
Version: 6.3.26-3
Severity: important
Tags: patch
When using sslcertck with a GMAIL server, the check fails since GMAIL now
requires a Server Name Indication (SNI). This is fixed in Experimental
(6.4.0~beta4-1) but you may want to include it in Sid (6.3.26-3) due to the
wide impact.
The following worked for me as a temporary fix:
- --- a/socket.c
+++ b/socket.c
@@ -1041,6 +1041,8 @@
SSL_use_RSAPrivateKey_file(_ssl_context[sock], mykey,
SSL_FILETYPE_PEM);
}
+ SSL_set_tlsext_host_name(_ssl_context[sock],servercname);
+
if (SSL_set_fd(_ssl_context[sock], sock) == 0
|| (ssle_connect = SSL_connect(_ssl_context[sock])) < 1) {
int e = errno;
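Review bot: the added SSL_set_tlsext_host_name() call just before the SSL_set_fd() test ignores its return value. OpenSSL returns 1 on success and 0 on error, so if the call fails the code goes on to SSL_connect() without SNI and ends in the same certificate check failure with no hint as to why. Suggest testing the result (for example "if (SSL_set_tlsext_host_name(_ssl_context[sock], servercname) != 1)") and reporting it through the same error path the SSL_connect() failure below uses.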
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'unstable-debug'), (500,
'testing-debug'), (500, 'stable-updates'), (500, 'stable-debug'), (500,
'testing'), (500, 'stable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.17.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages fetchmail depends on:
ii adduser 3.117
ii debianutils 4.8.6
ii libc6 2.27-5
ii libcom-err2 1.44.4-1
ii libgssapi-krb5-2 1.16-2
ii libk5crypto3 1.16-2
ii libkrb5-3 1.16-2
ii libssl1.1 1.1.1~~pre9-1
ii lsb-base 9.20170808
Versions of packages fetchmail recommends:
ii ca-certificates 20180409
Versions of packages fetchmail suggests:
ii exim4-daemon-heavy [mail-transport-agent] 4.91-6
pn fetchmailconf <none>
ii resolvconf 1.79
-- Configuration Files:
/etc/logcheck/ignore.d.server/fetchmail [Errno 13] Permission denied:
'/etc/logcheck/ignore.d.server/fetchmail'
/etc/logcheck/ignore.d.workstation/fetchmail [Errno 13] Permission denied:
'/etc/logcheck/ignore.d.workstation/fetchmail'
-- no debconf information
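Added example, not part of the original report and not fetchmail or OpenSSL code: the patch above makes the client send the server_name (SNI) extension of RFC 6066. The C code below shows the bytes that extension occupies in a ClientHello and the eligibility check a client should apply to a name before setting it. sni_eligible and sni_encode are hypothetical names, and mail.example.org is a constructed host.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Added example with hypothetical helper names.
 * RFC 6066: server_name holds a DNS hostname, never an IP literal,
 * and is written without a trailing dot. */
int sni_eligible(const char *host)
{
    unsigned char addr[16];                    /* large enough for an IPv6 address */
    size_t n;
    if (host == NULL) return 0;
    n = strlen(host);
    if (n == 0 || n > 255 || host[n - 1] == '.') return 0;
    if (inet_pton(AF_INET, host, addr) == 1) return 0;   /* IPv4 literal */
    if (inet_pton(AF_INET6, host, addr) == 1) return 0;  /* IPv6 literal */
    return 1;
}

/* Encode the ClientHello server_name extension for host into out.
 * Returns bytes written, or 0 if host is not eligible or out is too small. */
size_t sni_encode(const char *host, unsigned char *out, size_t cap)
{
    size_t n;
    if (!sni_eligible(host)) return 0;
    n = strlen(host);
    if (cap < n + 9) return 0;
    out[0] = 0x00; out[1] = 0x00;              /* extension type 0: server_name */
    out[2] = (unsigned char)((n + 5) >> 8);    /* extension_data length */
    out[3] = (unsigned char)((n + 5) & 0xff);
    out[4] = (unsigned char)((n + 3) >> 8);    /* ServerNameList length */
    out[5] = (unsigned char)((n + 3) & 0xff);
    out[6] = 0x00;                             /* NameType 0: host_name */
    out[7] = (unsigned char)(n >> 8);          /* HostName length */
    out[8] = (unsigned char)(n & 0xff);
    memcpy(out + 9, host, n);                  /* name bytes, no terminator */
    return n + 9;
}

int main(void)
{
    unsigned char buf[300];
    size_t i, len = sni_encode("mail.example.org", buf, sizeof buf); /* constructed host */
    for (i = 0; i < len; i++) printf("%02x", buf[i]);
    printf("\n");
    return 0;
}
```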
--- a/socket.c
+++ b/socket.c
@@ -1041,6 +1041,8 @@
SSL_use_RSAPrivateKey_file(_ssl_context[sock], mykey,
SSL_FILETYPE_PEM);
}
+ SSL_set_tlsext_host_name(_ssl_context[sock],servercname);
+
if (SSL_set_fd(_ssl_context[sock], sock) == 0
|| (ssle_connect = SSL_connect(_ssl_context[sock])) < 1) {
int e = errno;
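Review bot: the new line passes servercname to SSL_set_tlsext_host_name() unconditionally, and nothing in the visible context establishes that it is non-NULL or that it is a DNS name rather than an IP literal, which RFC 6066 does not allow in server_name. Suggest guarding the call on servercname being set and being a hostname, and adding a short comment saying the name is sent so that servers requiring SNI present the certificate sslcertck is expected to verify. Minor style point on the same line: add a space after the comma in "_ssl_context[sock],servercname" to match the surrounding calls.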