Bug 112011 - [patch] msmtp changes require a certificate file with tls
Summary: [patch] msmtp changes require a certificate file with tls
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Roman Bogorodskiy
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-04-22 16:30 UTC by Scott Robbins
Modified: 2007-04-27 06:20 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Scott Robbins 2007-04-22 16:30:05 UTC 
	The msmtp port now requires, if you have tls on in the .msmtprc
file, that you either point it to a certificate file or turn off tls
checking, which is not recommended by the program's author.

Fix: 

One can either add the line "tls_certcheck off" which is not recommended
by the program's author, or add a line pointing to a trust file.  The
/etc/ssl/cert.pem file is sufficient, so adding the line
tls_trust_file /etc/ssl/cert.pem
will fix the issue. 

I have a usable pkg-message at http://www.scottro.net/pkg-message and a
minor patch to the Makefile (simply changing the bsd.port.mk to use
pre.mk and post.mk and echoing the pkg-message) at
http://www.scottro.net/patch.msmtp
How-To-Repeat:     Install the msmtp port, include the line "tls on" in your .msmtprc
file and try to send an email.  The send will fail with an error
message.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2007-04-22 22:17:22 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->novel

Over to maintainer
Comment 2 Scott Robbins 2007-04-23 14:26:19 UTC 
I see that the cert.pem in /etc/ssl only seems to be on my CURRENT box.
The STABLE boxes I run don't have it. 

So I'm afraid that my fix is not applicable to all systems.  
There are other packages that work--for example, if one installs curl,
it includes a /usr/local/share/curl/curl-ca-bundle.crt that also works.  
Mutt also includes a usable version in /usr/local/share/examples.  The
ones in /usr/src/crypto/openssl/certs don't work.

I am changing my sample pkg-message to say that there are various
possibilities, such as the ones mentioned above. 
Thank you and apologies.


-- 

Scott Robbins

GPG KeyID EB3467D6
( 1B848 077D 66F6 9DB0 FDC2  A409 FA54 D575 EB34 67D6)
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
Comment 3 Roman Bogorodskiy freebsd_committer freebsd_triage 2007-04-23 18:27:15 UTC 
Hello,

The /etc/ssl/cert.pem comes with security/ca-roots port. I will patch
msmtp to handle that situation tomorrow, thanks for report. 

Roman Bogorodskiy
Comment 4 dfilter service freebsd_committer freebsd_triage 2007-04-27 06:09:36 UTC 
novel       2007-04-27 05:09:30 UTC

  FreeBSD ports repository

  Modified files:
    mail/msmtp           Makefile 
  Added files:
    mail/msmtp/files     patch-doc-msmtp.1 
  Log:
  - Add a dependency on security/ca-roots if using OpenSSL or gnutls
  - Adjust manpage to point to the right SSL keys location
  
  PR:             ports/112011
  Submitted by:   Scott Robbins <scottro@nyc.rr.com>
  
  Revision  Changes    Path
  1.31      +4 -0      ports/mail/msmtp/Makefile
  1.1       +23 -0     ports/mail/msmtp/files/patch-doc-msmtp.1 (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 5 Roman Bogorodskiy freebsd_committer freebsd_triage 2007-04-27 06:10:09 UTC 
State Changed
From-To: open->closed

Committed, thanks!