NetBSD Problem Report #39636
From smb@cs.columbia.edu Sat Sep 27 16:47:05 2008
Return-Path: <smb@cs.columbia.edu>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id 4C6A563B884
for <gnats-bugs@gnats.NetBSD.org>; Sat, 27 Sep 2008 16:47:05 +0000 (UTC)
Message-Id: <20080927164700.26AC78386BC@yellowstone.machshav.com>
Date: Sat, 27 Sep 2008 12:47:00 -0400 (EDT)
From: smb@cs.columbia.edu
Reply-To: smb@cs.columbia.edu
To: gnats-bugs@gnats.NetBSD.org
Subject: fetchmail isn't doing IMAPS properly
X-Send-Pr-Version: 3.95
>Number: 39636
>Category: lib
>Synopsis: fetchmail isn't doing IMAPS
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: lib-bug-people
>State: suspended
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Sep 27 16:50:00 +0000 2008
>Closed-Date:
>Last-Modified: Wed Mar 25 02:08:09 +0000 2009
>Originator: Steven M. Bellovin
>Release: NetBSD 4.99.72
>Organization:
Department of Computer Science, Columbia University
>Environment:
System: NetBSD yellowstone.machshav.com 4.99.72 NetBSD 4.99.72 (YELLOWSTONE) #2: Thu Sep 25 21:47:44 EDT 2008 root@yellowstone.machshav.com:/usr/BUILD/obj/sys/arch/amd64/compile/YELLOWSTONE amd64
Architecture: x86_64
Machine: amd64
>Description:
When I build fetchmail on amd64-current, it can't connect over
SSL to the IMAPS server I use:
fetchmail: starting fetchmail 6.3.8 daemon
140187686483524:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/usr/src/crypto/dist/openssl/ssl/s3_pkt.c:1116:SSL alert number 40
fetchmail: SSL connection failed.
fetchmail: socket error while fetching from smb2132@mail.columbia.edu
fetchmail: Query status=2 (SOCKET)
fetchmail: sleeping at Fri Sep 26 19:52:55 2008 for 180 seconds
A binary of the same version of fetchmail (6.3.8nb3) built on
4.99.59 does work. ldd shows that the old binary is using
libssl.so.4; the new, failing, one is using libssl.so.6.
Since I can connect to the IMAPS server using 'openssl s_client,
I would suspect a fetchmail problem -- but
http://bugs.gentoo.org/show_bug.cgi?id=198914 makes it sound
like an openssl issue.
>How-To-Repeat:
See above
>Fix:
None known, unless you happen to have an old version of openssl
lying around.
>Release-Note:
>Audit-Trail:
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@NetBSD.org
Subject: Re: lib/39636: fetchmail isn't doing IMAPS properly
Date: Tue, 20 Jan 2009 10:42:41 -0500
On Sat, 27 Sep 2008 16:50:01 +0000 (UTC)
gnats-admin@NetBSD.org wrote:
> Thank you very much for your problem report.
> It has the internal identification `lib/39636'.
> The individual assigned to look at your
> report is: lib-bug-people.
>
> >Category: lib
> >Responsible: lib-bug-people
> >Synopsis: fetchmail isn't doing IMAPS
> >Arrival-Date: Sat Sep 27 16:50:00 +0000 2008
>
Looking at the Gentoo URL in the original PR, the problem occurs when
SSL3 is explicitly requested (which I was, in fact, doing). I can
reproduce it with s_client if I specify -ssl3. However, saying
-no_tls1 works. So -- it's an upstream openssl issue, and I don't know
if they regard it as a bug. I've worked around it in my fetchmail
configuration, so I no longer care much.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
State-Changed-From-To: open->suspended
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Wed, 25 Mar 2009 02:08:09 +0000
State-Changed-Why:
Upstream issue; should revisit it sometime
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.