Bug#907193: Fails to set SNI

2018-08-24 Thread Ryan Kavanagh
With feeling this time.
From 52edd12db272e511b13db1092c11d86e9f735e51 Mon Sep 17 00:00:00 2001
From: Ryan Kavanagh 
Date: Fri, 24 Aug 2018 11:02:36 -0400
Subject: [PATCH] Set SNI to server name (Closes: #907193)

---
 debian/patches/series   |  1 +
 debian/patches/set_sni.diff | 20 
 2 files changed, 21 insertions(+)
 create mode 100644 debian/patches/set_sni.diff

diff --git a/debian/patches/series b/debian/patches/series
index 3d95e1a..bc4c443 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 fix-makefile.diff
 #ubuntu-switch-to-SSLv23_client_method-and-use-CTX-options-to-select-protocol.patch
+set_sni.diff
diff --git a/debian/patches/set_sni.diff b/debian/patches/set_sni.diff
new file mode 100644
index 000..dd6f2d8
--- /dev/null
+++ b/debian/patches/set_sni.diff
@@ -0,0 +1,20 @@
+Description: set SNI
+Author: Ryan Kavanagh 
+Origin: Debian
+Bug-Debian: https://bugs.debian.org/907193
+Forwarded: https://github.com/lefcha/imapfilter/pull/185
+Last-Update: 2018-08-24
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: imapfilter/src/socket.c
+===
+--- imapfilter.orig/src/socket.c	2018-08-23 17:38:49.193720987 -0400
 imapfilter/src/socket.c	2018-08-23 17:44:07.043509188 -0400
+@@ -141,6 +141,7 @@
+ 	if (!(ssn->sslconn = SSL_new(ctx)))
+ 		goto fail;
+ 
++	SSL_set_tlsext_host_name(ssn->sslconn, ssn->server);
+ 	SSL_set_fd(ssn->sslconn, ssn->socket);
+ 
+ 	for (;;) {
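Review bot: the return value of SSL_set_tlsext_host_name() on the added line in src/socket.c is ignored, while the SSL_new() call directly above it jumps to fail on error. The call returns 1 on success and 0 on failure, so a failed call would send the handshake without SNI and reproduce the reported symptom with no diagnostic; consider `if (SSL_set_tlsext_host_name(ssn->sslconn, ssn->server) != 1) goto fail;`. Also confirm what ssn->server holds when an account is configured by IP address: RFC 6066 does not permit literal IPv4 or IPv6 addresses in the server_name extension, so the call should be skipped in that case.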
-- 
2.18.0





Bug#907193: Fails to set SNI

2018-08-24 Thread Ryan Kavanagh
Control: tags -1 + patch

Please see the attached patch, which you can apply with:

git am 0001-Set-SNI-to-server-name-Closes-907193.patch

Best,
Ryan

-- 
|)|/  Ryan Kavanagh  | GPG: 4E46 9519 ED67 7734 268F
|\|\  https://rak.ac |  BD95 8F7B F8FC 4A11 C97A




Bug#907193: Fails to set SNI

2018-08-24 Thread Ryan Kavanagh
Package: imapfilter
Version: 1:2.6.11-1
Severity: normal
Tags: upstream

imapfilter fails to set SNI. This means that imapfilter no longer works
with Gmail's IMAP servers. In particular, Gmail sends a self-signed
certificate, causing imapfilter to present the following:

Server certificate subject: /OU=No SNI provided; please fix your client./CN=invalid2.invalid
Server certificate issuer: /OU=No SNI provided; please fix your client./CN=invalid2.invalid
Server certificate serial: 
Server key fingerprint: 90:4A:C8:D5:44:5A:D0:6A:8A:10:FF:CD:8B:11:BE:16
(R)eject, accept (t)emporarily or accept (p)ermanently?

See the following thread on openssl-project for details:

https://mta.openssl.org/pipermail/openssl-project/2018-April/000623.html

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.17.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_CA.UTF-8), LANGUAGE=en_CA.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_CA.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages imapfilter depends on:
ii  libc6        2.27-5
ii  liblua5.2-0  5.2.4-1.1+b2
ii  libpcre3     2:8.39-11
ii  libssl1.1    1.1.1~~pre9-1

imapfilter recommends no packages.

imapfilter suggests no packages.

-- no debconf information

-- 
|)|/  Ryan Kavanagh  | GPG: 4E46 9519 ED67 7734 268F
|\|\  https://rak.ac |  BD95 8F7B F8FC 4A11 C97A
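
An offline check for the symptom reported above, as an added example that is not part of the original report or of imapfilter: it captures the ClientHello that OpenSSL would send (through Python's ssl module and a memory BIO, so nothing touches the network) and parses it for the server_name extension. The host name imap.example.org and both function names are constructed for illustration.

```python
import ssl
import struct

def client_hello(server_hostname):
    """Raw bytes OpenSSL (via Python's ssl) would send first; no network used."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # lets server_hostname be None; capture only
    ctx.verify_mode = ssl.CERT_NONE  # no peer exists, so nothing is verified here
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                         # expected: ClientHello is queued in `outgoing`
    return outgoing.read()

def sni_from_client_hello(data):
    """Return the server_name (SNI) in a ClientHello, or None when absent."""
    hs, pos = b"", 0
    while pos + 5 <= len(data):      # reassemble handshake records (type 22)
        rtype, _version, rlen = struct.unpack_from("!BHH", data, pos)
        if rtype == 22:
            hs += data[pos + 5:pos + 5 + rlen]
        pos += 5 + rlen
    if len(hs) < 39 or hs[0] != 1:
        raise ValueError("not a ClientHello")
    p = 4 + 2 + 32                                   # header, version, random
    p += 1 + hs[p]                                   # session_id
    p += 2 + struct.unpack_from("!H", hs, p)[0]      # cipher_suites
    p += 1 + hs[p]                                   # compression_methods
    if p + 2 > len(hs):
        return None                                  # no extensions block
    end = p + 2 + struct.unpack_from("!H", hs, p)[0]
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack_from("!HH", hs, p)
        p += 4
        if etype == 0:                               # server_name extension
            # list length (2), name type (1), name length (2), host name
            nlen = struct.unpack_from("!H", hs, p + 3)[0]
            return hs[p + 5:p + 5 + nlen].decode("ascii")
        p += elen
    return None

if __name__ == "__main__":
    for host in (None, "imap.example.org"):          # constructed host name
        print(host, "->", sni_from_client_hello(client_hello(host)))
```

The same parser can be pointed at the first client-to-server bytes of a packet capture to confirm whether a patched build sends the extension.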

