On Mon, Jul 03, 2006 at 12:53:44AM +0200, Julien Louis wrote:
> On Sun, Jul 02, 2006 at 07:37:54PM +0300, Marko Mäkelä wrote:
> > Indeed, replacing --with-ssl=gnutls in DEB_CONFIGURE_EXTRA_FLAGS
> > with --with-ssl=openssl does the trick. I hope you can find out
> > what gnutls is doing differently from openssl.
>
> it seems gnutls can open a new encrypted connection on your server.
> But it can't do it with the TLS protocol, try the following commands:
> gnutls-cli -s -p 1025 your.mailserver.com
> at prompt enter the following command (one for each prompt):
> EHLO example.com
> STARTTLS
> Ctrl-D
>
> The handshake negotiation fails.

I got a SIGSEGV, using the gnutls-cli from gnutls-bin Version: 1.4.0-2:

STARTTLS
220 begin TLS
*** Starting TLS handshake
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [10]: Unexpected message
*** Handshake has failed

Program received signal SIGSEGV, Segmentation fault.
0x0804dcfa in ?? ()
(gdb) bt
#0 0x0804dcfa in ?? ()
#1 0xb7eba740 in _IO_2_1_stdout_ () from /lib/tls/libc.so.6
#2 0x00000001 in ?? ()
#3 0x00000019 in ?? ()
#4 0xb7eba480 in _IO_list_all () from /lib/tls/libc.so.6
#5 0xbfff53f4 in ?? ()
#6 0x00000000 in ?? ()

Isn't this a potential security hole in gnutls-cli?

> Now try with the following command:
> gnutls-cli -s --protocols ssl3.0 -p 1025 your.mailserver.com
> at prompt enter the following command (one for each prompt):
> EHLO example.com
> STARTTLS
> Ctrl-D
>
> You get the server certificate, now look at the protocol version used.

Indeed: SSL 3.0.

> it seems msmtp can't connect to server which use SSL 3.0 protocol.
> A solution might be to link against libgnutls-openssl to add support for
> openssl 3.0 compatibility layer.

I'm glad to test any patches, if that is needed.

Marko