| Summary: | mail/cclient: hostname verification broken | | |
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | satanist+freebsd |
| Component: | Individual Port(s) | Assignee: | Thomas Zander <riggs> |
| Status: | Closed FIXED | | |
| Severity: | Affects Only Me | CC: | adam, brnrd, daniel, erik5, freebsd, i.dani, jonaspalm, riggs, w.schwarzenfeld |
| Priority: | --- | Keywords: | patch, patch-ready |
| Version: | Latest | | |
| Hardware: | Any | | |
| OS: | Any | | |
@riggs & brnrd: Please take a look at this. This targets multiple ports (like php*-imap extension for example). Caused by: bug #225885 / ports r464076

Confirm. After updating cclient, php*_imap cannot connect to hosts without "/novalidate-cert".

Created attachment 198493: svn diff for mail/cclient
```
mail/cclient: Properly support OpenSSL 1.1
- Fix hostname CN verification with TLS
PR: 226621
Reported by: satanist+freebsd bureaucracy de
Obtained from: Debian packages
```
This bug is critical for some users, and I see it's been untouched for months - is there any hope of getting it finalized? Or perhaps more to the point, does anyone know if there is a maintainer for this port? Maintainer address is listed only as "ports@freebsd.org", i.e. the mailing list, and apparently the original cclient author Mark Crispin has passed away (see comment at https://svnweb.freebsd.org/ports/head/mail/panda-cclient/files/patch-src_osdep_unix_os_bsi.h?view=markup&pathrev=483370), so I wonder. If there is no maintainer, the fork 'mail/panda-cclient' already has this bug fixed, and AFAICT functions as a perfect drop-in replacement for cclient. Perhaps that suggests a different avenue to pursue? Or at least that the cclient port should be marked as broken and/or unmaintained...

riggs, would you please have a look at this, and commit it, if it is right?

A commit references this bug:

```
Author: riggs
Date: Sun Mar 8 00:48:46 UTC 2020
New revision: 527991
URL: https://svnweb.freebsd.org/changeset/ports/527991

Log:
  Fix hostname verification

  PR: 226621
  Submitted by: satanist+freebsd@bureaucracy.de
  Reviewed by: brnrd

Changes:
  head/mail/cclient/Makefile
  head/mail/cclient/files/patch-src_osdep_unix_ssl__unix.c
```
Created attachment 191514: updated version of the patch

r464076 broke the hostname verification of cclient. Therefore TLS validation isn't possible anymore. My patch fixes the original bug without breaking TLS validation. But a memleak is now present. This happens in some error cases.