On Tue, May 29, 2012 at 6:55 PM, John Jetmore <j...@pobox.com> wrote:
> On Tue, May 29, 2012 at 2:38 PM, Andreas Metzler
> <ametz...@downhill.at.eu.org> wrote:
>
>> I think you need a rather new OpenSSL to show the bug. - With openssl
>> s_client (and GnuTLS) there are problems with this server if the
>> client tries to use TLS1.1 or TLS1.2.
>>
>> See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674990#35

It's not just the newer openssl, it's some interaction between openssl
and Net::SSLeay.  I installed activestate perl on an unstable box,
running an older Net::SSLeay (1.36) and it was able to connect to the
.jp server without any errors.

> [...] but lack of
> error checking in swaks is the cause of the seg fault.  The funny
> thing is I refactored some TLS stuff for the next release and, while
> doing so, added a bunch of error checking.  If I test this server with
> the latest swaks in SVN I get this instead of the segfault:
>
>  -> STARTTLS
> <-  220 Go ahead
> *** TLS startup failed (error:00000000:lib(0):func(0):reason(0))
> *** STARTTLS attempted but failed
>  -> QUIT
>
> I'll spend some time seeing if I can get a more descriptive error, but
> I think the basic part of the fix is already there.

I spent some time banging on this, and added some more error checking
on general principle, but the error above is the best I can get right
now for some reason, and I think it's likely related to the larger
"why can't this combination of perl/openssl/Net::SSLeay negotiate a
TLSv1 connection with that server" issue.  I say that because I do get
meaningful errors out of Net::SSLeay on other connect failures.  For
instance, here's an attempt at tls-on-connect with a non-tls server:

jetmore@lappy-vm2:~$ ./swaks -tlsc -p 25 -s g3 -q helo
=== Trying g3:25...
=== Connected to g3.
*** TLS startup failed (connect(): error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol)

And the same error response trying to connect to the server in question:

jetmore@lappy-vm2:~$ ./swaks -q tls -s smtp.jaist.ac.jp -p 587 -tls
[...]
*** TLS startup failed (connect(): error:00000000:lib(0):func(0):reason(0))

Other than saying "it won't segfault in the next release", not sure
what else to do here (though I'm open to suggestions if I'm
overlooking something).

--John
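
An added example (not part of the message above and not swaks code): a small Python triage helper for the `TLS startup failed` lines quoted in this thread. It unpacks the OpenSSL error code and flags the all-zero case, where the error queue was empty. The function name `triage`, the constructed sample transcript and the 8/12/12-bit code layout (OpenSSL 1.0.x) are assumptions of this example.

```python
import re

# Constructed sample: the three failure lines quoted in this thread; one
# record is wrapped across two lines, as it is in the mail.
SAMPLE = """\
 -> STARTTLS
<-  220 Go ahead
*** TLS startup failed (error:00000000:lib(0):func(0):reason(0))
*** STARTTLS attempted but failed
=== Connected to g3.
*** TLS startup failed (connect(): error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol)
*** TLS startup failed (connect(): error:00000000:lib(0):func(0):reason(0))
"""

# A failure record ends at the first ")" that closes a line, so wrapped
# records and the nested "lib(0)" style parentheses are both handled.
RECORD = re.compile(r"\*\*\* TLS startup failed \((.*?)\)\s*$", re.M | re.S)
DETAIL = re.compile(
    r"(?:(?P<call>\w+\(\)):\s*)?error:(?P<code>[0-9A-Fa-f]{8})"
    r":(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>.*)"
)

def triage(transcript):
    """Return one dict per 'TLS startup failed' record in a transcript."""
    findings = []
    for rec in RECORD.finditer(transcript):
        body = " ".join(rec.group(1).split())  # undo line wrapping
        m = DETAIL.fullmatch(body)
        if m is None:
            findings.append({"raw": body, "parsed": False})
            continue
        code = int(m.group("code"), 16)
        findings.append({
            "raw": body, "parsed": True, "call": m.group("call"),
            # Assumed layout (OpenSSL 1.0.x): lib 8 bits, func 12, reason 12.
            "lib": (code >> 24) & 0xFF, "func": (code >> 12) & 0xFFF,
            "reason": code & 0xFFF, "text": m.group("reason"),
            # Code 0 is what ERR_get_error() returns for an empty queue:
            # the call failed, but OpenSSL recorded no reason for it.
            "queue_empty": code == 0,
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Records with `queue_empty` set carry no diagnosis in the error string itself, so they are the ones to follow up with a handshake capture rather than by reading the message.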


