Re: mutt fetch-mail ssl error

Fri, 20 May 2022 02:47:19 -0700 

Am Fri, 20 May 2022 10:47:12 +0200
schrieb Theo Buehler <t...@theobuehler.org>:

> On Fri, May 20, 2022 at 04:08:25PM +1200, Avon Robertson wrote:
> > I have been unable to fetch mail with mutt on this host using
> > either the currently installed snapshot and mutt package, or the
> > snapshot and mutt package that had been installed 2-3 days
> > previously.
> > 
> > I have been able to send mail using mutt in conjuction with msmtp
> > from this host.
> > 
> > mutt's error-history command displays
> > 
> > Reading /home/aer/var/mail/inbox...
> > Reading /home/aer/var/mail/inbox... 0
> > Looking up pop3.xtra.co.nz...
> > Connecting to pop3.xtra.co.nz...
> > SSL failed: error:14007086:SSL routines:CONNECT_CR_CERT:certificate
> > +verify failed
> > Error connecting to server: pop3.xtra.co.nz  
> 
> There is a good chance that this is a bug I introduced by adding a
> more stringent check when rewriting ASN1_STRING_to_UTF8(). This can
> now fail if passed an uninitialized pointer. This bug should be fixed
> via x509_utl.c r1.3 and a_string.c r1.11 which add initialization and
> relax the check again.
> 
> X509_verify_cert()
>  x509_verify() 
>   x509_verify_cert_hostname()
>    X509_check_host()
>     do_x509_check()
>      do_check_string()
>       ASN1_STRING_to_UTF8()
> 
> If this is the problem, you can fix this by checking out very current
> sources and rebuilding libcrypto
> 
>   cd /usr/src/lib/libcrypto
>   make obj
>   doas make includes
>   make
>   doas make install
> 
> or you can wait for a new snapshot including this fix and try again.
> 

Thanks for the note. I also saw some x509 errors when prosody would not
start after updating the system yesterday.

potato# prosodyctl
/usr/local/bin/lua53: /usr/local/lib/prosody/util/x509.lua:270: bad argument #1 
to 'nameprep' (string expected, got nil)
stack traceback:
        [C]: in upvalue 'nameprep'
        /usr/local/lib/prosody/util/x509.lua:270: in function 
'util.x509.get_identities'
        /usr/local/lib/prosody/core/certmanager.lua:131: in function 
'core.certmanager.index_certs'
        /usr/local/lib/prosody/core/certmanager.lua:175: in function 
'core.certmanager.find_host_cert'
        /usr/local/lib/prosody/core/certmanager.lua:330: in function 
'core.certmanager.create_context'
        /usr/local/lib/prosody/util/startup.lua:394: in function 
'util.startup.init_http_client'
        /usr/local/lib/prosody/util/startup.lua:663: in function 
'util.startup.prosodyctl'
        /usr/local/sbin/prosodyctl:48: in main chunk
        [C]: in ?


-- 
greetings,

Florian Viehweger

Reply via email to