Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 213066 - net-libs/libesmtp-1.0.4 is broken with dev-libs/openssl-0.9.8g
Summary: net-libs/libesmtp-1.0.4 is broken with dev-libs/openssl-0.9.8g
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Library (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Net-Mail Packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-03-11 19:44 UTC by sECuRE
Modified: 2010-09-28 10:26 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
libesmtp-openssl-0.9.8g.patch (esmtp.patch,2.70 KB, patch)
2008-03-11 19:45 UTC, sECuRE
Details | Diff
build log with patch (net-libs:libesmtp-1.0.4:20100811-144710.log,47.99 KB, text/plain)
2010-08-11 16:05 UTC, Boney McCracker
Details
strace of failed mail send (strace.txt,10.49 KB, text/plain)
2010-08-11 19:36 UTC, Boney McCracker
Details

Note You need to log in before you can comment on or make changes to this bug.
Description sECuRE 2008-03-11 19:44:23 UTC
After upgrading to openssl 0.9.8g and libesmtp 1.0.4 I couldn't send any mails via SMTPS (TLSv1) anymore. The reason is that the code which checks the subjectaltnames/commonname of the certificate in libesmtp is broken.

I've attached a patchfile, put it into files/ and add "epatch ${FILESDIR}/libesmtp-openssl-0.9.8g.patch" to the ebuild

Reproducible: Always

Steps to Reproduce:
Comment 1 sECuRE 2008-03-11 19:45:09 UTC
Created attachment 145857 [details, diff]
libesmtp-openssl-0.9.8g.patch
Comment 2 Boney McCracker 2010-08-11 16:02:48 UTC
I did not encounter this problem until July 16, upon upgrading to dev-libs/openssl-1.0.0a.

I use mail-mta/esmtp-1.2, which is built against libesmtp.  After upgrading openssl, when attempting to send email using startls, I started getting this error: "Invalid peer certificate (error 20)"

I just got around to diagnosing this, and it looks like the same problem mentioned here.

This patch applies cleanly to net-libs/libesmtp-1.0.4, but it does not compile for me (complaining about two undeclared variables).  I have attached the full build log, but the essence of the error seems to be here:

--------------------------------------------------------------------------
smtp-tls.c: In function 'check_acceptable_security':
smtp-tls.c:543: error: 'STACK' undeclared (first use in this function)
smtp-tls.c:543: error: (Each undeclared identifier is reported only once
smtp-tls.c:543: error: for each function it appears in.)
smtp-tls.c:543: error: 'gens' undeclared (first use in this function)
make[2]: *** [smtp-tls.lo] Error 1
make[2]: *** Waiting for unfinished jobs....
make[2]: Leaving directory `/var/tmp/portage/net-libs/libesmtp-1.0.4/work/libesmtp-1.0.4'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/net-libs/libesmtp-1.0.4/work/libesmtp-1.0.4'
make: *** [all] Error 2
---------------------------------------------------------------------------
Comment 3 Boney McCracker 2010-08-11 16:05:08 UTC
Created attachment 242437 [details]
build log with patch

Attempt to build libesmtp with patch failed.
Comment 4 Boney McCracker 2010-08-11 19:24:36 UTC
Also, I should add the following:

On one of my machines, libesmtp-1.0.4 is working just fine with dev-libs/openssl-0.9.8o  (I mention that because I would imagine that came after openssl-0.9.8g).

On two of my machines, libesmtp-1.0.4 is NOT working, with dev-libs/openssl-1.0.0a-r1.
Comment 5 Boney McCracker 2010-08-11 19:36:16 UTC
Created attachment 242479 [details]
strace of failed mail send

I have attached a brief strace of a simple attempt to send email.  I'm to stupid to learn anything from it.

I have included a couple of comments to demarcate things, in hopes of making it more useful.

The strace was generated with the following configuration:

net-libs/libesmtp-1.0.4
dev-libs/openssl-1.0.0a-r1
mail-mta/esmtp-1.2 (as transfer-only MTA -- this uses libesmtp)
mail-client/nail-12.4-r1 (as MUA only; built with USE="-ssl")
Comment 6 Samuli Suominen (RETIRED) gentoo-dev 2010-09-28 10:26:59 UTC
libesmtp-1.0.6 looks good here with openssl-1.0.0a-r3, both are going stable.
reopen if the problem is still there