Bug 233078 - mail/fetchmail: fails to check server certificates for lack of SNI supports.
Summary: mail/fetchmail: fails to check server certificates for lack of SNI supports.
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Koichiro Iwao
URL: https://bugzilla.redhat.com/show_bug....
Keywords:
Depends on:
Blocks:
 
Reported: 2018-11-08 20:05 UTC by fuyuhiko.maruyama
Modified: 2018-11-22 11:57 UTC (History)
4 users (show)

See Also:
chalpin: maintainer-feedback+


Attachments
patch-fetchmail-sni (1.06 KB, text/plain)
2018-11-20 10:35 UTC, Koichiro Iwao
chalpin: maintainer-approval+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description fuyuhiko.maruyama 2018-11-08 20:05:38 UTC
Recently fetchmail shows warnings like below when it accesses to gmail. 

fetchmail: Server certificate verification error: self signed certificate
fetchmail: Missing trust anchor certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page.
fetchmail: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!)


The problem is fixed at upper stream on github below.

https://gitlab.com/fetchmail/fetchmail/commit/9b8b634312f169fab872f3580c2febe5af031615
Comment 1 Koichiro Iwao freebsd_committer 2018-11-20 10:35:27 UTC
Created attachment 199373 [details]
patch-fetchmail-sni

I've created a patch to apply SNI fixes to the port.
Comment 2 Koichiro Iwao freebsd_committer 2018-11-20 10:36:39 UTC
Take, waiting for maintainer approval.
Comment 3 Corey Halpin 2018-11-21 13:47:18 UTC
Comment on attachment 199373 [details]
patch-fetchmail-sni

Looks good to me, passes 'poudriere testport' on 11.2/amd64 both with OpenSSL from base and ports. I approve the patch. Thank you!
Comment 4 commit-hook freebsd_committer 2018-11-22 01:52:53 UTC
A commit references this bug:

Author: meta
Date: Thu Nov 22 01:52:40 UTC 2018
New revision: 485579
URL: https://svnweb.freebsd.org/changeset/ports/485579

Log:
  mail/fetchmail: backport SNI support from upstream

  This affects some servers such as Gmail.

  See also bugs on Linux distributions.
  * https://bugzilla.redhat.com/show_bug.cgi?id=1611815
  * https://bugs.launchpad.net/ubuntu/+source/fetchmail/+bug/1798786

  PR:		233078
  Submitted by:	fuyuhiko.maruyama@gmail.com
  Approved by:	Corey Halpin <chalpin@cs.wisc.edu> (maintainer), mentors (implicit)
  Obtained from:	https://gitlab.com/fetchmail/fetchmail/commit/9b8b634312f169fab872f3580c2febe5af031615
  MFH:		2018Q4

Changes:
  head/mail/fetchmail/Makefile
  head/mail/fetchmail/distinfo
Comment 5 Koichiro Iwao freebsd_committer 2018-11-22 01:58:09 UTC
I'm not sure how to put multiple URLs URL field, sorry for the noise.
Comment 6 commit-hook freebsd_committer 2018-11-22 04:44:03 UTC
A commit references this bug:

Author: meta
Date: Thu Nov 22 04:43:52 UTC 2018
New revision: 485581
URL: https://svnweb.freebsd.org/changeset/ports/485581

Log:
  MFH: r485579

  mail/fetchmail: backport SNI support from upstream

  This affects some servers such as Gmail.

  See also bugs on Linux distributions.
  * https://bugzilla.redhat.com/show_bug.cgi?id=1611815
  * https://bugs.launchpad.net/ubuntu/+source/fetchmail/+bug/1798786

  PR:		233078
  Submitted by:	fuyuhiko.maruyama@gmail.com
  Approved by:	Corey Halpin <chalpin@cs.wisc.edu> (maintainer), mentors (implicit)
  Obtained from:	https://gitlab.com/fetchmail/fetchmail/commit/9b8b634312f169fab872f3580c2febe5af031615

  Approved by:	portmgr (miwi)

Changes:
_U  branches/2018Q4/
  branches/2018Q4/mail/fetchmail/Makefile
  branches/2018Q4/mail/fetchmail/distinfo
Comment 7 Koichiro Iwao freebsd_committer 2018-11-22 04:45:46 UTC
Applied to head and quarterly, thanks!