NetBSD Problem Report #39636

From smb@cs.columbia.edu  Sat Sep 27 16:47:05 2008
Return-Path: <smb@cs.columbia.edu>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id 4C6A563B884
	for <gnats-bugs@gnats.NetBSD.org>; Sat, 27 Sep 2008 16:47:05 +0000 (UTC)
Message-Id: <20080927164700.26AC78386BC@yellowstone.machshav.com>
Date: Sat, 27 Sep 2008 12:47:00 -0400 (EDT)
From: smb@cs.columbia.edu
Reply-To: smb@cs.columbia.edu
To: gnats-bugs@gnats.NetBSD.org
Subject: fetchmail isn't doing IMAPS properly
X-Send-Pr-Version: 3.95

>Number:         39636
>Category:       lib
>Synopsis:       fetchmail isn't doing IMAPS
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    lib-bug-people
>State:          suspended
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Sep 27 16:50:00 +0000 2008
>Closed-Date:    
>Last-Modified:  Wed Mar 25 02:08:09 +0000 2009
>Originator:     Steven M. Bellovin
>Release:        NetBSD 4.99.72
>Organization:
Department of Computer Science, Columbia University
>Environment:


System: NetBSD yellowstone.machshav.com 4.99.72 NetBSD 4.99.72 (YELLOWSTONE) #2: Thu Sep 25 21:47:44 EDT 2008 root@yellowstone.machshav.com:/usr/BUILD/obj/sys/arch/amd64/compile/YELLOWSTONE amd64
Architecture: x86_64
Machine: amd64
>Description:
	When I build fetchmail on amd64-current, it can't connect over
	SSL to the IMAPS server I use:
	fetchmail: starting fetchmail 6.3.8 daemon
	140187686483524:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/usr/src/crypto/dist/openssl/ssl/s3_pkt.c:1116:SSL alert number 40
	fetchmail: SSL connection failed.
	fetchmail: socket error while fetching from smb2132@mail.columbia.edu
	fetchmail: Query status=2 (SOCKET)
	fetchmail: sleeping at Fri Sep 26 19:52:55 2008 for 180 seconds

	A binary of the same version of fetchmail (6.3.8nb3) built on
	4.99.59 does work.  ldd shows that the old binary is using
	libssl.so.4; the new, failing, one is using libssl.so.6.
	Since I can connect to the IMAPS server using 'openssl s_client,
	I would suspect a fetchmail problem -- but
	http://bugs.gentoo.org/show_bug.cgi?id=198914 makes it sound
	like an openssl issue.
>How-To-Repeat:
	See above
>Fix:
	None known, unless you happen to have an old version of openssl
	lying around.

>Release-Note:

>Audit-Trail:
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@NetBSD.org
Subject: Re: lib/39636: fetchmail isn't doing IMAPS properly
Date: Tue, 20 Jan 2009 10:42:41 -0500

 On Sat, 27 Sep 2008 16:50:01 +0000 (UTC)
 gnats-admin@NetBSD.org wrote:

 > Thank you very much for your problem report.
 > It has the internal identification `lib/39636'.
 > The individual assigned to look at your
 > report is: lib-bug-people. 
 > 
 > >Category:       lib
 > >Responsible:    lib-bug-people
 > >Synopsis:       fetchmail isn't doing IMAPS
 > >Arrival-Date:   Sat Sep 27 16:50:00 +0000 2008
 > 

 Looking at the Gentoo URL in the original PR, the problem occurs when
 SSL3 is explicitly requested (which I was, in fact, doing).  I can
 reproduce it with s_client if I specify -ssl3.  However, saying
 -no_tls1 works.  So -- it's an upstream openssl issue, and I don't know
 if they regard it as a bug.  I've worked around it in my fetchmail
 configuration, so I no longer care much.


 		--Steve Bellovin, http://www.cs.columbia.edu/~smb

State-Changed-From-To: open->suspended
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Wed, 25 Mar 2009 02:08:09 +0000
State-Changed-Why:
Upstream issue; should revisit it sometime


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.