Package: libnet-smtp-tls-perl
Version: 0.12-4
Severity: important
Tags: patch

Hi,

after upgrading to Debian 12, some of our tooling fell over with
| Couldn't start TLS: hostname verification failed

Turns out, Net::SMTP::TLS does not provide the hostname to the code that in the end tries to verify the CN, so that code in turn ends up using the socket endpoint IP address.

To reproduce:
weasel@gander:~$ perl -MNet::SMTP::TLS -e '$smtp = Net::SMTP::TLS->new("mailly.debian.org")'
Couldn't start TLS: hostname verification failed at -e line 1.

This seems like it might be a sane fix:

--- TLS.pm 2025-04-28 14:22:13.523427780 +0200 +++ /usr/share/perl5/Net/SMTP/TLS.pm 2025-04-28 14:22:24.631519263 +0200 @@ -178,7 +178,7 @@ if(not $num == 220){ croak "Invalid response for STARTTLS: $num $txt\n"; } - if(not IO::Socket::SSL::socket_to_SSL($me->{sock})){ + if(not IO::Socket::SSL::socket_to_SSL($me->{sock}, SSL_verifycn_name=>$me->{Host})){ croak "Couldn't start TLS: ".IO::Socket::SSL::errstr."\n"; } $me->hello();

in sub starttls.

With that patch applied, things work:
weasel@gander:~$ perl -MNet::SMTP::TLS -e '$smtp = Net::SMTP::TLS->new("mailly.debian.org")'
weasel@gander:~$

Cheers,
-- 
                            |  .''`.       ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/
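
Review bot: the changed socket_to_SSL call in sub starttls sets only SSL_verifycn_name, so the certificate is checked against $me->{Host} but the handshake is still given no name for SNI. Consider also passing SSL_hostname=>$me->{Host}, so that a server which selects its certificate by SNI presents the one matching the name being verified. It is also worth documenting that Host must be the name the certificate is issued for: a caller that passes an IP address or an alias not covered by the certificate will still hit "hostname verification failed", which is the correct outcome and should not be worked around by lowering SSL_verify_mode.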