NetBSD Problem Report #39636

From  Sat Sep 27 16:47:05 2008
Return-Path: <>
Received: from ( [])
	by (Postfix) with ESMTP id 4C6A563B884
	for <>; Sat, 27 Sep 2008 16:47:05 +0000 (UTC)
Message-Id: <>
Date: Sat, 27 Sep 2008 12:47:00 -0400 (EDT)
Subject: fetchmail isn't doing IMAPS properly
X-Send-Pr-Version: 3.95

>Number:         39636
>Category:       lib
>Synopsis:       fetchmail isn't doing IMAPS
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    lib-bug-people
>State:          suspended
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Sep 27 16:50:00 +0000 2008
>Last-Modified:  Wed Mar 25 02:08:09 +0000 2009
>Originator:     Steven M. Bellovin
>Release:        NetBSD 4.99.72
Department of Computer Science, Columbia University

System: NetBSD 4.99.72 NetBSD 4.99.72 (YELLOWSTONE) #2: Thu Sep 25 21:47:44 EDT 2008 amd64
Architecture: x86_64
Machine: amd64
	When I build fetchmail on amd64-current, it can't connect over
	SSL to the IMAPS server I use:
	fetchmail: starting fetchmail 6.3.8 daemon
	140187686483524:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/usr/src/crypto/dist/openssl/ssl/s3_pkt.c:1116:SSL alert number 40
	fetchmail: SSL connection failed.
	fetchmail: socket error while fetching from
	fetchmail: Query status=2 (SOCKET)
	fetchmail: sleeping at Fri Sep 26 19:52:55 2008 for 180 seconds

	A binary of the same version of fetchmail (6.3.8nb3) built on
	4.99.59 does work.  ldd shows that the old binary is using; the new, failing, one is using
	Since I can connect to the IMAPS server using 'openssl s_client,
	I would suspect a fetchmail problem -- but makes it sound
	like an openssl issue.
	See above
	None known, unless you happen to have an old version of openssl
	lying around.


From: "Steven M. Bellovin" <>
Subject: Re: lib/39636: fetchmail isn't doing IMAPS properly
Date: Tue, 20 Jan 2009 10:42:41 -0500

 On Sat, 27 Sep 2008 16:50:01 +0000 (UTC) wrote:

 > Thank you very much for your problem report.
 > It has the internal identification `lib/39636'.
 > The individual assigned to look at your
 > report is: lib-bug-people. 
 > >Category:       lib
 > >Responsible:    lib-bug-people
 > >Synopsis:       fetchmail isn't doing IMAPS
 > >Arrival-Date:   Sat Sep 27 16:50:00 +0000 2008

 Looking at the Gentoo URL in the original PR, the problem occurs when
 SSL3 is explicitly requested (which I was, in fact, doing).  I can
 reproduce it with s_client if I specify -ssl3.  However, saying
 -no_tls1 works.  So -- it's an upstream openssl issue, and I don't know
 if they regard it as a bug.  I've worked around it in my fetchmail
 configuration, so I no longer care much.

 		--Steve Bellovin,

State-Changed-From-To: open->suspended
State-Changed-When: Wed, 25 Mar 2009 02:08:09 +0000
Upstream issue; should revisit it sometime


NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD:,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.