Bug#907193: Fails to set SNI
With feeling this time. From 52edd12db272e511b13db1092c11d86e9f735e51 Mon Sep 17 00:00:00 2001 From: Ryan Kavanagh Date: Fri, 24 Aug 2018 11:02:36 -0400 Subject: [PATCH] Set SNI to server name (Closes: #907193) --- debian/patches/series | 1 + debian/patches/set_sni.diff | 20 2 files changed, 21 insertions(+) create mode 100644 debian/patches/set_sni.diff diff --git a/debian/patches/series b/debian/patches/series index 3d95e1a..bc4c443 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1,3 @@ fix-makefile.diff #ubuntu-switch-to-SSLv23_client_method-and-use-CTX-options-to-select-protocol.patch +set_sni.diff diff --git a/debian/patches/set_sni.diff b/debian/patches/set_sni.diff new file mode 100644 index 000..dd6f2d8 --- /dev/null +++ b/debian/patches/set_sni.diff @@ -0,0 +1,20 @@ +Description: set SNI +Author: Ryan Kavanagh +Origin: Debian +Bug-Debian: https://bugs.debian.org/907193 +Forwarded: https://github.com/lefcha/imapfilter/pull/185 +Last-Update: 2018-08-24 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: imapfilter/src/socket.c +=== +--- imapfilter.orig/src/socket.c 2018-08-23 17:38:49.193720987 -0400 imapfilter/src/socket.c 2018-08-23 17:44:07.043509188 -0400 +@@ -141,6 +141,7 @@ + if (!(ssn->sslconn = SSL_new(ctx))) + goto fail; + ++ SSL_set_tlsext_host_name(ssn->sslconn, ssn->server); + SSL_set_fd(ssn->sslconn, ssn->socket); + + for (;;) { -- 2.18.0 signature.asc Description: PGP signature
Bug#907193: Fails to set SNI
Control: tags -1 + patch Please see the attached patch, which you can apply with: git am 0001-Set-SNI-to-server-name-Closes-907193.patch Best, Ryan -- |)|/ Ryan Kavanagh | GPG: 4E46 9519 ED67 7734 268F |\|\ https://rak.ac | BD95 8F7B F8FC 4A11 C97A signature.asc Description: PGP signature
Bug#907193: Fails to set SNI
Package: imapfilter Version: 1:2.6.11-1 Severity: normal Tags: upstream imapfilter fails to set SNI. This means that imapfilter no longer works with Gmail's IMAP servers. In particular, Gmail sends a self-signed certificate, causing imapfilter to preset the following: Server certificate subject: /OU=No SNI provided; please fix your client./CN=invalid2.invalid Server certificate issuer: /OU=No SNI provided; please fix your client./CN=invalid2.invalid Server certificate serial: Server key fingerprint: 90:4A:C8:D5:44:5A:D0:6A:8A:10:FF:CD:8B:11:BE:16 (R)eject, accept (t)emporarily or accept (p)ermanently? See the following thread on openssl-project for details: https://mta.openssl.org/pipermail/openssl-project/2018-April/000623.html -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.17.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_CA.UTF-8), LANGUAGE=en_CA.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_CA.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages imapfilter depends on: ii libc62.27-5 ii liblua5.2-0 5.2.4-1.1+b2 ii libpcre3 2:8.39-11 ii libssl1.11.1.1~~pre9-1 imapfilter recommends no packages. imapfilter suggests no packages. -- no debconf information -- |)|/ Ryan Kavanagh | GPG: 4E46 9519 ED67 7734 268F |\|\ https://rak.ac | BD95 8F7B F8FC 4A11 C97A signature.asc Description: PGP signature