:: [devuan-dev] bug#880: marked as don…
Góra strony
Wiadomość jest częścią wątku:
Mpełne drzewo wątku posortowane wg daty
 
 
Delete this message
Reply to this message
Autor: Devuan bug Tracking System
Data:  
Dla: Mark Hindley
Temat: [devuan-dev] bug#880: marked as done (libnet-imap-simple-ssl-perl: IMAP SSL connection not possible)
Your message dated Tue, 18 Mar 2025 16:58:50 +0000
with message-id <Z9mmSgNvEcQJCjCH@???>
and subject line Re: [devuan-dev] bug#880: libnet-imap-simple-ssl-perl: IMAP SSL connection not possible
has caused the Devuan bug report #880,
regarding libnet-imap-simple-ssl-perl: IMAP SSL connection not possible
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@???
immediately.)


--
880: https://bugs.devuan.org/cgi/bugreport.cgi?bug=880
Devuan Bug Tracking System
Contact owner@??? with problems
Package: libnet-imap-simple-ssl-perl
Version: 1.3-5
Severity: normal

Hoi.

I am unable to establish a connection with IMAP servers: 

    :-F cat /tmp/imap-connect-test.pl                   
    #!/usr/bin/perl

     
    use Net::IMAP::Simple::SSL;

     
    Net::IMAP::Simple::SSL->new("imap.gmx.net:993", ssl_version=>"TLSv1") 
        or die("cannot connect to server\n"); 



    :-F perl /tmp/imap-connect-test.pl                  
    cannot connect to server



However, with Openssl I can: 

    :-F openssl s_client -quiet -connect imap.gmx.net:993
    depth=2 C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2
    verify return:1
    depth=1 C = DE, O = Deutsche Telekom Security GmbH, CN = Telekom Security ServerID OV Class 2 CA
    verify return:1
    depth=0 C = DE, ST = Rheinland-Pfalz, L = Montabaur, O = 1&1 Mail & Media GmbH, CN = mail.gmx.net
    verify return:1
    * OK [CAPABILITY IMAP4rev1 CHILDREN ENABLE ID IDLE LIST-EXTENDED LIST-STATUS LITERAL- MOVE NAMESPACE SASL-IR SORT SPECIAL-USE THREAD=ORDEREDSUBJECT UIDPLUS UNSELECT WITHIN AUTH=LOGIN AUTH=PLAIN] IMAP server ready H migmx112 30.1 IMAP-1MiMV4-1tIcRX2vNm-00flL5
    a logout
    * BYE Server logging out
    a OK LOGOUT completed



I have debugged the problem for days, but cannot find out what the
problem is.

The background: I have qpsmtpd with auth_imap, to authenticate users
against a Dovecot backend, all running locally.

When trying to connect to the local Dovecot server (localhost:993) I
get this message in the logfile: 

    dovecot: imap-login: Disconnected: Connection closed:
    SSL_accept() failed: error:0A000076:SSL routines::no suitable signature
    algorithm (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, TLS
    handshaking: SSL_accept() failed: error:0A000076:SSL routines::no
    suitable signature algorithm,
    session=<pqzOP5cwmtMAAAAAAAAAAAAAAAAAAAAB>


Openssl, again, works as expected.

In Dovecot I have allowed all SSL versions and ciphers: 

    ssl_min_protocol = ANY
    ssl_cipher_list = ALL



The problem seems to be specific to Devuan -- or to my system --
the above example code works for a friend, running it on Debian
stable, which seems to have the identical version of the package.

My system is a fresh installation of Devuan stable.


Could you please check if it is a Devuan problem.

If not: Any clues how to solve it? ;-)

Thanks.


meillo 



-- System Information:
Distributor ID:    Devuan
Description:    Devuan GNU/Linux 5 (daedalus)
Release:    5
Codename:    daedalus
Architecture: x86_64


Kernel: Linux 6.1.0-31-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled 

Versions of packages libnet-imap-simple-ssl-perl depends on:
ii  libio-socket-ssl-perl    2.081-2
ii  libnet-imap-simple-perl  1.2211-1
ii  perl                     5.36.0-7+deb12u1


libnet-imap-simple-ssl-perl recommends no packages.

libnet-imap-simple-ssl-perl suggests no packages.

-- no debconf information
Markus,

On Tue, Mar 18, 2025 at 05:02:38PM +0100, markus schnalke wrote:
> Package: libnet-imap-simple-ssl-perl

This is not a forked package (none of perl is) so I would be astonished if this
is Devuan specific.

> Version: 1.3-5
> Severity: normal
>
> Hoi.
>
> I am unable to establish a connection with IMAP servers:
> 
>     :-F cat /tmp/imap-connect-test.pl                   
>     #!/usr/bin/perl

>      
>     use Net::IMAP::Simple::SSL;

>      
>     Net::IMAP::Simple::SSL->new("imap.gmx.net:993", ssl_version=>"TLSv1") 
>         or die("cannot connect to server\n");

For me, specifying TLSv1_2 or TLSv1_3 works. I suspect the server doesn't accept TLSv1.

> However, with Openssl I can:
> 
>     :-F openssl s_client -quiet -connect imap.gmx.net:993

This is comparing different protocols.

If you do

openssl s_client -quiet -connect imap.gmx.net:993 -tls1

you will get a protocol error which matches the perl TLSv1 error above.

Mark
Wiadomość została wysłana do następujących list mailowych:
devuan-dev
Informacja o liście mailowej | Najbliższe wiadomości		<-[devuan-dev] bug#880: libnet-imap-simple-ssl-perl: IMAP SSL connection not possible[devuan-dev] Version of base-installer changed in Devuan excalibur->

Donate to Dyne.org

dyne.org open discussions
administrowana przez dyne.org hackers		Lurker (wersja 2.3)