Fetchmail 6.3.26-lp152.5.8 openSUSE-Leap-15.2-1
Hi there, excuse me, if I' m asking at the wrong place. Apparently there is a bug in current Fetchmail (6.3.26-lp152.5.8) installed with openSUSE-Leap-15.2-1, which causes TLS to fail especially with Gmail servers: fetchmail: Server CommonName mismatch: invalid2.invalid != pop.gmail.com fetchmail: Server certificate verification error: self signed certificate fetchmail: Missing trust anchor certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid As reported elsewhere: https://bugs.archlinux.org/task/60038 <https://bugs.archlinux.org/task/60038> https://bugs.gentoo.org/697030 <https://bugs.gentoo.org/697030> There is patch from RedHat which could be applied on fetchmail-6.3.26: https://bugzilla.redhat.com/show_bug.cgi?id=1611815 Other (better?) "fix" would be to bump fetchmail to 6.4.x where this issue is resolved? I could provide a complete bug report if needed. Best regards Zsolt -- Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin https://www.heinlein-support.de Tel: 030 / 40 50 51 - 0 Fax: 030 / 40 50 51 - 19 Amtsgericht Berlin-Charlottenburg - HRB 93818 B Geschäftsführer: Peer Heinlein - Sitz: Berlin
On 26/02/2021 12.36, Zsolt Barat wrote:
Hi there,
excuse me, if I' m asking at the wrong place.
Apparently there is a bug in current Fetchmail (6.3.26-lp152.5.8) installed with openSUSE-Leap-15.2-1, which causes TLS to fail especially with Gmail servers:
fetchmail: Server CommonName mismatch: invalid2.invalid != pop.gmail.com fetchmail: Server certificate verification error: self signed certificate fetchmail: Missing trust anchor certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid
I think I hit this in one laptop, with Alpine, not fetchmail. I have to verify more carefully. But please notice that this is the wrong mail list for Leap issues. Reply-to set accordingly. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On Fri, Feb 26, 2021 at 12:36:43PM +0100, Zsolt Barat wrote:
Hi there,
excuse me, if I' m asking at the wrong place.
Apparently there is a bug in current Fetchmail (6.3.26-lp152.5.8) installed with openSUSE-Leap-15.2-1, which causes TLS to fail especially with Gmail servers:
fetchmail: Server CommonName mismatch: invalid2.invalid != pop.gmail.com fetchmail: Server certificate verification error: self signed certificate fetchmail: Missing trust anchor certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid
As reported elsewhere: https://bugs.archlinux.org/task/60038 <https://bugs.archlinux.org/task/60038> https://bugs.gentoo.org/697030 <https://bugs.gentoo.org/697030>
There is patch from RedHat which could be applied on fetchmail-6.3.26: https://bugzilla.redhat.com/show_bug.cgi?id=1611815
Other (better?) "fix" would be to bump fetchmail to 6.4.x where this issue is resolved? I could provide a complete bug report if needed.
You probably see what this is missing from above urls. A SUSE bugreport. Can you open one? Its likely a 1 liner fix in the end. Ciao, Marcus
Am 26.02.21 um 13:16 schrieb Marcus Meissner:
On Fri, Feb 26, 2021 at 12:36:43PM +0100, Zsolt Barat wrote:
Hi there,
excuse me, if I' m asking at the wrong place.
Apparently there is a bug in current Fetchmail (6.3.26-lp152.5.8) installed with openSUSE-Leap-15.2-1, which causes TLS to fail especially with Gmail servers:
fetchmail: Server CommonName mismatch: invalid2.invalid != pop.gmail.com fetchmail: Server certificate verification error: self signed certificate fetchmail: Missing trust anchor certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid
As reported elsewhere: https://bugs.archlinux.org/task/60038 <https://bugs.archlinux.org/task/60038> https://bugs.gentoo.org/697030 <https://bugs.gentoo.org/697030>
There is patch from RedHat which could be applied on fetchmail-6.3.26: https://bugzilla.redhat.com/show_bug.cgi?id=1611815
Other (better?) "fix" would be to bump fetchmail to 6.4.x where this issue is resolved? I could provide a complete bug report if needed. You probably see what this is missing from above urls.
A SUSE bugreport.
Can you open one?
OK, I will open a SUSE-bugreport.
Its likely a 1 liner fix in the end.
13 lines according to this patch ;). https://gitlab.com/fetchmail/fetchmail/commit/9b8b634312f169fab872f3580c2feb... Best regards Zsolt
Ciao, Marcus
-- Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin https://www.heinlein-support.de Tel: 030 / 40 50 51 - 0 Fax: 030 / 40 50 51 - 19 Amtsgericht Berlin-Charlottenburg - HRB 93818 B Geschäftsführer: Peer Heinlein - Sitz: Berlin
On Fri, Feb 26, 2021 at 10:09 AM Zsolt Barat <z.barat@heinlein-support.de> wrote:
Its likely a 1 liner fix in the end.
13 lines according to this patch ;).
https://gitlab.com/fetchmail/fetchmail/commit/9b8b634312f169fab872f3580c2feb...
A one liner with extra error handling. I knew that bugged clients remained in existence but innocently thought common tried-and-true tools like this didn't need to be reviewed.
Am 26.02.21 um 13:16 schrieb Marcus Meissner:
On Fri, Feb 26, 2021 at 12:36:43PM +0100, Zsolt Barat wrote:
Hi there,
excuse me, if I' m asking at the wrong place.
Apparently there is a bug in current Fetchmail (6.3.26-lp152.5.8) installed with openSUSE-Leap-15.2-1, which causes TLS to fail especially with Gmail servers:
fetchmail: Server CommonName mismatch: invalid2.invalid != pop.gmail.com fetchmail: Server certificate verification error: self signed certificate fetchmail: Missing trust anchor certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid
As reported elsewhere: https://bugs.archlinux.org/task/60038 <https://bugs.archlinux.org/task/60038> https://bugs.gentoo.org/697030 <https://bugs.gentoo.org/697030>
There is patch from RedHat which could be applied on fetchmail-6.3.26: https://bugzilla.redhat.com/show_bug.cgi?id=1611815
Other (better?) "fix" would be to bump fetchmail to 6.4.x where this issue is resolved? I could provide a complete bug report if needed. You probably see what this is missing from above urls.
A SUSE bugreport.
Bugreport: https://bugzilla.opensuse.org/show_bug.cgi?id=1182807 Best regards Zsolt -- Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin https://www.heinlein-support.de Tel: 030 / 40 50 51 - 0 Fax: 030 / 40 50 51 - 19 Amtsgericht Berlin-Charlottenburg - HRB 93818 B Geschäftsführer: Peer Heinlein - Sitz: Berlin
participants (4)
-
Carlos E.R. -
Cristian Rodríguez -
Marcus Meissner -
Zsolt Barat