Bionic will be affected, when OpenSSL 1.1.1 is SRUed into Bionic via
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386

** Also affects: isync (Ubuntu Cosmic)
   Importance: Undecided
       Status: New

** Also affects: isync (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Description changed:

+ [Impact]
+ 
+  * OpenSSL 1.1.1 performs SNI hostname verification, therefore hostname
+ SSL context option must be set when establishing the connection,
+ otherwise, validation of SNI certificates fail and thus resulting in
+ lack of connectivity.
+ 
+ [Test Case]
+ 
+  * use isync to connect to an SNI tls protected host, e.g.
+ imap.gmail.com
+ 
+ [Regression Potential]
+ 
+  * change is compatible with python versions shipped in bionic-release
+  * change is from upstream / tested in debian & disco
+  * change improves security, and is compatible with deployed servers out there
+  * hosts with certificates not matching their actual hostname will remain 
invalid/untrusted
+ 
+ [Other Info]
+  
+  * original bug report
+ 
  Hi,
  
  I just upgraded to cosmic and have hit the issue described in debian bug
  #9065955 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906955 -
  mbsync won't connect to e.g. gmail because of SSL errors.
  
  I downloaded 1.3.0-2 from Debian and it works. Would it be possible to
  backport the fix to Cosmic please? Bionic is unaffected.
  
  Regards,
  Daniel
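
Review bot: the first [Regression Potential] bullet claims compatibility with "python versions shipped in bionic-release", but this is an isync bug about OpenSSL 1.1.1 and nothing else in the description involves Python. Name the library the change actually depends on (OpenSSL), and cover cosmic as well as bionic, since both series are targeted. The wrapped continuation "invalid/untrusted" has also lost its "+" marker.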

** Bug watch added: Debian Bug tracker #906955
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906955

** Also affects: isync (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906955
   Importance: Unknown
       Status: Unknown

** Changed in: isync (Ubuntu)
       Status: New => Fix Released

** Changed in: isync (Ubuntu Bionic)
       Status: New => In Progress

** Changed in: isync (Ubuntu Cosmic)
       Status: New => In Progress

** Description changed:

  [Impact]
  
-  * OpenSSL 1.1.1 performs SNI hostname verification, therefore hostname
+  * OpenSSL 1.1.1 performs SNI hostname verification, therefore hostname
  SSL context option must be set when establishing the connection,
  otherwise, validation of SNI certificates fail and thus resulting in
  lack of connectivity.
  
  [Test Case]
  
-  * use isync to connect to an SNI tls protected host, e.g.
+  * use isync to connect to an SNI tls protected host, e.g.
  imap.gmail.com
  
  [Regression Potential]
  
-  * change is compatible with python versions shipped in bionic-release
-  * change is from upstream / tested in debian & disco
-  * change improves security, and is compatible with deployed servers out there
-  * hosts with certificates not matching their actual hostname will remain 
invalid/untrusted
+  * change is compatible with openssl versions shipped in bionic/cosmic-release
+  * change is from upstream / tested in debian & disco
+  * change improves security, and is compatible with deployed servers out there
+  * hosts with certificates not matching their actual hostname will remain 
invalid/untrusted
  
  [Other Info]
-  
-  * original bug report
+ 
+  * original bug report
  
  Hi,
  
  I just upgraded to cosmic and have hit the issue described in debian bug
  #9065955 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906955 -
  mbsync won't connect to e.g. gmail because of SSL errors.
  
  I downloaded 1.3.0-2 from Debian and it works. Would it be possible to
  backport the fix to Cosmic please? Bionic is unaffected.
  
  Regards,
  Daniel
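
Review bot: the [Test Case] still states no expected result. "use isync to connect to an SNI tls protected host" should say what a failing run looks like before the fix (the SSL errors from the original report) and that the connection to imap.gmail.com succeeds afterwards, so SRU verification is reproducible. The retained report text also cites "debian bug #9065955" while the link beside it is bug=906955. The -/+ pairs for the [Impact] and [Test Case] bullets differ only in whitespace.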

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1812667

Title:
  Can't verify some ssl certificates (e.g. imap.gmail.com)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isync/+bug/1812667/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
