After upgrading to openssl 0.9.8g and libesmtp 1.0.4 I couldn't send any mails via SMTPS (TLSv1) anymore. The reason is that the code which checks the subjectaltnames/commonname of the certificate in libesmtp is broken. I've attached a patchfile, put it into files/ and add "epatch ${FILESDIR}/libesmtp-openssl-0.9.8g.patch" to the ebuild.

Reproducible: Always

Steps to Reproduce:
Created attachment 145857 [details, diff] libesmtp-openssl-0.9.8g.patch
I did not encounter this problem until July 16, upon upgrading to dev-libs/openssl-1.0.0a. I use mail-mta/esmtp-1.2, which is built against libesmtp. After upgrading openssl, when attempting to send email using starttls, I started getting this error:

"Invalid peer certificate (error 20)"

I just got around to diagnosing this, and it looks like the same problem mentioned here. This patch applies cleanly to net-libs/libesmtp-1.0.4, but it does not compile for me (complaining about two undeclared variables). I have attached the full build log, but the essence of the error seems to be here:

--------------------------------------------------------------------------
smtp-tls.c: In function 'check_acceptable_security':
smtp-tls.c:543: error: 'STACK' undeclared (first use in this function)
smtp-tls.c:543: error: (Each undeclared identifier is reported only once
smtp-tls.c:543: error: for each function it appears in.)
smtp-tls.c:543: error: 'gens' undeclared (first use in this function)
make[2]: *** [smtp-tls.lo] Error 1
make[2]: *** Waiting for unfinished jobs....
make[2]: Leaving directory `/var/tmp/portage/net-libs/libesmtp-1.0.4/work/libesmtp-1.0.4'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/net-libs/libesmtp-1.0.4/work/libesmtp-1.0.4'
make: *** [all] Error 2
---------------------------------------------------------------------------
Created attachment 242437 [details] build log with patch

Attempt to build libesmtp with patch failed.
Also, I should add the following: On one of my machines, libesmtp-1.0.4 is working just fine with dev-libs/openssl-0.9.8o (I mention that because I would imagine that came after openssl-0.9.8g). On two of my machines, libesmtp-1.0.4 is NOT working, with dev-libs/openssl-1.0.0a-r1.
Created attachment 242479 [details] strace of failed mail send

I have attached a brief strace of a simple attempt to send email. I'm too stupid to learn anything from it. I have included a couple of comments to demarcate things, in hopes of making it more useful. The strace was generated with the following configuration:

net-libs/libesmtp-1.0.4
dev-libs/openssl-1.0.0a-r1
mail-mta/esmtp-1.2 (as transfer-only MTA -- this uses libesmtp)
mail-client/nail-12.4-r1 (as MUA only; built with USE="-ssl")
libesmtp-1.0.6 looks good here with openssl-1.0.0a-r3; both are going stable. Reopen if the problem is still there.