To OpenBSD ports list and MAINTAINER Amit Kulkarni,

After I did sysupgrade today, Sylpheed can't connect to imap.gmail.com.
It uses TLSv1.3 (sylpheed --debug) and shows a dialog box with a
self-signed certificate for an invalid host.  The cert tells me to
enable SNI in my client.  I then reject the certificate.  Recent changes
in OpenBSD seem to have enabled TLSv1.3 in libssl.

I fixed it with this patch from Sylpheed's bug tracker, also in Debian:
https://sources.debian.org/patches/sylpheed/3.7.0-5/0009-support-SNI-for-IMAP.patch/

Amit, I see that you have GMail; does your Sylpheed work?

This isn't where I expected to make my first commit,
but is this OK to commit?

--George Koehler

Index: Makefile
===================================================================
RCS file: /cvs/ports/mail/sylpheed/Makefile,v
retrieving revision 1.125
diff -u -p -r1.125 Makefile
--- Makefile    12 Jul 2019 20:47:38 -0000      1.125
+++ Makefile    26 Jan 2020 22:58:40 -0000
@@ -3,7 +3,7 @@
 COMMENT =              lightweight and user-friendly e-mail client
 
 DISTNAME =             sylpheed-3.7.0
-REVISION =             4
+REVISION =             5
 
 SHARED_LIBS +=                 sylph-0                   4.1 # 4.0
 SHARED_LIBS +=                 sylpheed-plugin-0         4.0 # 4.0
Index: patches/patch-libsylph_ssl_c
===================================================================
RCS file: patches/patch-libsylph_ssl_c
diff -N patches/patch-libsylph_ssl_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-libsylph_ssl_c        26 Jan 2020 22:58:40 -0000
@@ -0,0 +1,20 @@
+$OpenBSD$
+
+Use SNI; fixes TLSv1.3 to imap.gmail.com.
+Patch from Antonio Ospite,
+https://sylpheed.sraoss.jp/redmine/issues/306#note-3
+
+Index: libsylph/ssl.c
+--- libsylph/ssl.c.orig
++++ libsylph/ssl.c
+@@ -258,6 +258,10 @@ gboolean ssl_init_socket_with_method(SockInfo *sockinf
+               return FALSE;
+       }
+ 
++#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
++      SSL_set_tlsext_host_name(sockinfo->ssl, sockinfo->hostname);
++#endif
++
+       SSL_set_fd(sockinfo->ssl, sockinfo->sock);
+       while ((ret = SSL_connect(sockinfo->ssl)) != 1) {
+               err = SSL_get_error(sockinfo->ssl, ret);
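Review bot: The return value of SSL_set_tlsext_host_name() in the added #ifdef block is ignored, so if setting the name fails, SSL_connect() still runs without SNI, which is the failure this patch is meant to fix, and nothing is logged to say why. Consider checking for a result other than 1 and emitting a debug message. Also consider skipping the call when sockinfo->hostname is NULL or an IP address literal, since the visible lines do not show that either case is excluded before this point and SNI is defined for DNS host names only.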
