Bionic verification
First, reproducing the bug, following the test steps:
Version used:
*** 6.3.26-3build1 500
500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
Bug reproduced:
root@bionic-fetchmail-sni:~# fetchmail -d0 -vk --sslcertck pop.gmail.com
fetchmail: WARNING: Running as root is discouraged.
fetchmail: 6.3.26 querying pop.gmail.com (protocol POP3) at Wed Jun 12 15:27:44
2019: poll started
Trying to connect to 64.233.190.108/995...connected.
fetchmail: Server certificate:
fetchmail: Unknown Organization
fetchmail: Issuer CommonName: invalid2.invalid
fetchmail: Subject CommonName: invalid2.invalid
fetchmail: Server CommonName mismatch: invalid2.invalid != pop.gmail.com
fetchmail: pop.gmail.com key fingerprint:
90:4A:C8:D5:44:5A:D0:6A:8A:10:FF:CD:8B:11:BE:16
fetchmail: Server certificate verification error: self signed certificate
fetchmail: Missing trust anchor certificate: /OU=No SNI provided; please fix
your client./CN=invalid2.invalid
fetchmail: This could mean that the root CA's signing certificate is not in the
trusted CA certificate location, or that c_rehash needs to be run on the
certificate directory. For details, please see the documentation of
--sslcertpath and --sslcertfile in the manual page.
fetchmail: OpenSSL reported: error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed
fetchmail: SSL connection failed.
fetchmail: socket error while fetching from
any-email-valid-or-...@gmail.com@pop.gmail.com
fetchmail: 6.3.26 querying pop.gmail.com (protocol POP3) at Wed Jun 12 15:27:44
2019: poll completed
fetchmail: Query status=2 (SOCKET)
fetchmail: normal termination, status 2
Now updating to this version:
root@bionic-fetchmail-sni:~# apt-cache policy fetchmail
fetchmail:
Installed: 6.3.26-3ubuntu0.1~18.04.1
Candidate: 6.3.26-3ubuntu0.1~18.04.1
Version table:
*** 6.3.26-3ubuntu0.1~18.04.1 500
500 http://archive.ubuntu.com/ubuntu bionic-proposed/main amd64 Packages
This time, TLS1.3 is established, and we just get the authentication error as
expected:
root@bionic-fetchmail-sni:~# fetchmail -d0 -vk --sslcertck pop.gmail.com
fetchmail: WARNING: Running as root is discouraged.
fetchmail: 6.3.26 querying pop.gmail.com (protocol POP3) at Wed Jun 12 15:28:52
2019: poll started
Trying to connect to 64.233.186.108/995...connected.
fetchmail: Server certificate:
fetchmail: Issuer Organization: Google Trust Services
fetchmail: Issuer CommonName: Google Internet Authority G3
fetchmail: Subject CommonName: pop.gmail.com
fetchmail: Subject Alternative Name: pop.gmail.com
fetchmail: pop.gmail.com key fingerprint:
BC:92:09:CC:42:0E:AA:91:CA:B6:64:C5:80:8B:08:74
fetchmail: SSL/TLS: using protocol TLSv1.3, cipher TLS_AES_256_GCM_SHA384,
256/256 secret/processed bits
fetchmail: POP3< +OK Gpop ready for requests from 177.16.188.25 z4mb74186347qtc
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< USER
fetchmail: POP3< RESP-CODES
fetchmail: POP3< EXPIRE 0
fetchmail: POP3< LOGIN-DELAY 300
fetchmail: POP3< TOP
fetchmail: POP3< UIDL
fetchmail: POP3< X-GOOGLE-RICO
fetchmail: POP3< SASL PLAIN XOAUTH2 OAUTHBEARER
fetchmail: POP3< .
fetchmail: POP3> USER any-email-valid-or-...@gmail.com
fetchmail: POP3< +OK send PASS
fetchmail: POP3> PASS *
fetchmail: POP3< -ERR [AUTH] Username and password not accepted.
fetchmail: [AUTH] Username and password not accepted.
fetchmail: Authorization failure on
any-email-valid-or-...@gmail.com@gmail-pop.l.google.com
fetchmail: For help, see http://www.fetchmail.info/fetchmail-FAQ.html#R15
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Bye z4mb74186347qtc
fetchmail: 6.3.26 querying pop.gmail.com (protocol POP3) at Wed Jun 12 15:28:53
2019: poll completed
fetchmail: Query status=3 (AUTHFAIL)
fetchmail: normal termination, status 3
Bionic verification succeeded.
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1798786
Title:
can't retrieve gmail emails. fetchmail: OU=No SNI provided; please fix
your client./CN=invalid2.invalid
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fetchmail/+bug/1798786/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
