Bug#461046: uw-imapd: SSL/TLS certificate detection broken with ipv6

Wed, 16 Jan 2008 02:14:47 -0800 

Package: uw-imapd
Version: 7:2006j2.dfsg-3
Severity: important


With uw-imapd, when you connect for ssl or tls, it first checks for a 
certificate based on the ip address connected to, then falls back to a 
default certificate.

For an ipv4 connection to 192.168.1.5, it checks for:
        /etc/ssl/certs/imapd-192.168.1.5.pem
        /etc/ssl/certs/imapd.pem
picking the first one that it finds.

For ipv6 with 2006f.dfsg-1, it correctly checked for a certificate based
on the ipv6 address connected to, then fell back to the default one. So, 
for a connection to 2001:8b0:c5:1::21, it checked:
        /etc/ssl/certs/imapd-2001:8b0:c5:1::21.pem
        /etc/ssl/certs/imapd.pem

With 2006j2.dfsg-3, this has been broken. For ipv4 connections, things 
work as before. For an ipv6 connection to 2001:8b0:c5:1::21, it checks:
        /etc/ssl/certs/imapd-NON-IPv4.pem
        /etc/ssl/certs/imapd.pem

So multi-homing with ssl/tls continues to work fine for ipv4, but is 
broken for ipv6, as the wrong certificates are handed out

Nick

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable'), (200, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22-3-686
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)

Versions of packages uw-imapd depends on:
ii  deb 1.5.11etch1                          Debian configuration management sy
ii  lib 7:2006j2.dfsg-3                      UW c-client library for mail proto
ii  lib 2.7-5                                GNU C Library: Shared libraries
ii  lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii  lib 1.6.dfsg.3~beta1-2                   MIT Kerberos runtime libraries
ii  lib 0.79-5                               Runtime support for the PAM librar
ii  lib 0.99.7.1-5                           Pluggable Authentication Modules l
ii  lib 0.9.8g-3                             SSL shared libraries
ii  ope 0.20050402-6                         The OpenBSD Internet Superserver
ii  ope 0.9.8c-4etch1                        Secure Socket Layer (SSL) binary a

Versions of packages uw-imapd recommends:
ii  exim4                         4.63-17    metapackage to ease exim MTA (v4) 
ii  exim4-daemon-heavy [mail-tran 4.63-17    exim MTA (v4) daemon with extended

-- debconf information:
* uw-imapd/force_debconf_choice: false
* uw-imapd/protocol: imap2, imaps



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to