On Fri, May 20, 2022 at 04:08:25PM +1200, Avon Robertson wrote:
> I have been unable to fetch mail with mutt on this host using either the
> currently installed snapshot and mutt package, or the snapshot and mutt
> package that had been installed 2-3 days previously.
>
> I have been able to send mail using mutt in conjuction with msmtp from
> this host.
>
> mutt's error-history command displays
>
> Reading /home/aer/var/mail/inbox...
> Reading /home/aer/var/mail/inbox... 0
> Looking up pop3.xtra.co.nz...
> Connecting to pop3.xtra.co.nz...
> SSL failed: error:14007086:SSL routines:CONNECT_CR_CERT:certificate
> +verify failed
> Error connecting to server: pop3.xtra.co.nz
There is a good chance that this is a bug I introduced by adding a more
stringent check when rewriting ASN1_STRING_to_UTF8(). This can now fail
if passed an uninitialized pointer. This bug should be fixed via
x509_utl.c r1.3 and a_string.c r1.11 which add initialization and relax
the check again.
X509_verify_cert()
x509_verify()
x509_verify_cert_hostname()
X509_check_host()
do_x509_check()
do_check_string()
ASN1_STRING_to_UTF8()
If this is the problem, you can fix this by checking out very current
sources and rebuilding libcrypto
cd /usr/src/lib/libcrypto
make obj
doas make includes
make
doas make install
or you can wait for a new snapshot including this fix and try again.
