Package: sendmail
Version: 8.17.1.9-2+deb12u2
Followup-For: Bug #1086178
Control: tags -1 upstream patch

The attached patch fixes this issue for me. It has been submitted upstream to sendmail-YYYY (at) support.sendmail.org. Don't know if patches sent to that address are tracked anywhere.

Bjørn

From a43bb19d2f26267f7098a114edc2c191f45e4286 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Mork?= <bj...@mork.no> Date: Tue, 29 Oct 2024 12:17:04 +0100 Subject: [PATCH] cf: fix wildcard handling in STS_SAN rule MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit MXes with wildcard certificates would be rejected with a bogus "not listed in SANs" error. Fix by rewriting the MX hostname to its wildcard alternative, and then reattempt the SAN class match. Link: https://www.novabbs.com/computers/article-flat.php?id=1120&group=comp.mail.sendmail Signed-off-by: Bjørn Mork <bj...@mork.no> --- cf/m4/proto.m4 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cf/m4/proto.m4 b/cf/m4/proto.m4 index ff7eb0bedc2a..d143b42fbae9 100644 --- a/cf/m4/proto.m4 +++ b/cf/m4/proto.m4 @@ -2748,9 +2748,9 @@ R$* $: $&{server_name} dnl exact match R$={cert_altnames} $@ ok # strip only one level (no recursion!) -R$-.$+ $: $2 +R$-.$+ $: *.$2 dnl wildcard: *. or just .? -R *.$={cert_altnames} $@ ok +R$={cert_altnames} $@ ok dnl R .$={cert_altnames} $@ ok dnl always temporary error? make it an option (of the feature)? R$* $#error $@ 4.7.0 $: 450 $&{server_name} not listed in SANs', `dnl') -- 2.39.5
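
Review bot: The comment "# strip only one level (no recursion!)" above the changed `R$-.$+` rule in cf/m4/proto.m4 no longer describes it, because the right-hand side now rewrites the leftmost label to `*.` instead of stripping it. Please reword the comment to say that exactly one label is replaced by the wildcard. The second `R$={cert_altnames} $@ ok` is now textually identical to the exact-match rule a few lines above it, so a short `dnl` line stating that this pass matches the rewritten wildcard form would keep a later reader from deleting it as a duplicate. The open question in "dnl wildcard: *. or just .?" and the commented-out `dnl R .$={cert_altnames} $@ ok` variant are left in place; since the patch settles on the `*.` form, either remove them or note why the bare `.` form is still a candidate. The match depends on wildcard SANs being stored in `{cert_altnames}` with the literal `*.` prefix, which these lines do not show, so a sentence in the commit message confirming it would help. A server name without a dot skips the rewrite and is tested against the class a second time unchanged before reaching the 450 error, which is harmless but could be mentioned.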