** Description changed:

+ [Impact]
+ 
+ Fetchmail doesn't set hostname for SNI when using TLS. Without this,
+ fetchmail fails to verify the SSL certificate using TLS 1.2 for places
+ such as pop.gmail.com.
+ 
+ [Test Case]
+ 
+ # lxc launch ubuntu:cosmic tester
+ # lxc exec tester bash
+ # apt update
+ # apt dist-upgrade -y
+ # apt install -y fetchmail
+ # echo "set postmaster \"root\"
+ poll pop.gmail.com with proto POP3
+    user 'any-email-valid-or-...@gmail.com' there with password 'any-password' 
is root here options ssl
+ " > ~/.fetchmailrc
+ # chmod 700 ~/.fetchmailrc
+ # fetchmail -d0 -vk --sslcertck pop.gmail.com
+ ...
+ fetchmail: Server certificate:
+ fetchmail: Unknown Organization
+ fetchmail: Issuer CommonName: invalid2.invalid
+ fetchmail: Subject CommonName: invalid2.invalid
+ fetchmail: Server CommonName mismatch: invalid2.invalid != pop.gmail.com
+ fetchmail: Server certificate verification error: self signed certificate
+ ...
+ 
+ [Regression Potential]
+ 
+ This change affects how TLS connections are handled. The change adds a
+ server name indication, which will either be ignored or not by the host.
+ The only regression potential would be with possibly already broken SNI
+ code that is now being activated.
+ 
+ [Original Description]
+ 
  https://bugzilla.redhat.com/show_bug.cgi?id=1611815
  https://bugs.archlinux.org/task/60038
  
  ProblemType: Bug
  DistroRelease: Ubuntu 18.10
  Package: fetchmail 6.3.26-3build1
  ProcVersionSignature: Ubuntu 4.18.0-10.11-generic 4.18.12
  Uname: Linux 4.18.0-10-generic x86_64
  NonfreeKernelModules: wl nvidia_modeset nvidia
  ApportVersion: 2.20.10-0ubuntu13
  Architecture: amd64
  CurrentDesktop: GNOME
  Date: Fri Oct 19 11:08:36 2018
  InstallationDate: Installed on 2018-01-01 (290 days ago)
  InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20171221)
  SourcePackage: fetchmail
  UpgradeStatus: Upgraded to cosmic on 2018-10-18 (0 days ago)
  modified.conffile..etc.default.apport: [modified]
  mtime.conffile..etc.default.apport: 2018-01-18T18:05:44.880717

** Changed in: fetchmail (Ubuntu)
       Status: Confirmed => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1798786

Title:
  can't retrieve gmail emails. fetchmail: OU=No SNI provided; please fix
  your client./CN=invalid2.invalid

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fetchmail/+bug/1798786/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to