Opened 4 years ago

Closed 3 years ago

#61994 closed defect (invalid)

msmtp cannot get TLS certificate info

Reported by: fdik (Volker Birk) Owned by: ra1nb0w
Priority: Normal Milestone:
Component: ports Version: 2.6.4
Keywords: Cc: fdik (Volker Birk)
Port: msmtp

Description

With update to macOS Big Sur msmtp broke when checking server certificates. Sample:

% msmtp --serverinfo --host=smtp.gmail.com --tls=on --tls-starttls=on --tls-certcheck=off --port 587
msmtp: cannot get TLS certificate info: error getting SHA256 fingerprint

Expected is this (sample from Linux box, formerly the same on macOS with MacPorts):

$ msmtp --serverinfo --host=smtp.gmail.com --tls=on --tls-starttls=on --tls-certcheck=off --port 587
SMTP server at smtp.gmail.com (wq-in-f109.1e100.net [74.125.140.109]), port 587:
    smtp.gmail.com ESMTP g5sm579227wro.60 - gsmtp
TLS session parameters:
    (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
TLS certificate information:
    Owner:
        Common Name: smtp.gmail.com
        Organization: Google LLC
        Locality: Mountain View
        State or Province: California
        Country: US
    Issuer:
        Common Name: GTS CA 1O1
        Organization: Google Trust Services
        Country: US
    Validity:
        Activation time: Tue 15 Dec 2020 03:48:07 PM CET
        Expiration time: Tue 09 Mar 2021 03:48:06 PM CET
    Fingerprints:
        SHA256: EF:2C:8E:10:AE:F0:39:F3:7B:3E:6A:8E:60:0D:20:F2:F6:91:38:59:66:03:DC:FF:52:A2:40:1C:BF:93:CA:20
        SHA1 (deprecated): 53:2B:8F:2B:2B:96:87:3E:39:61:7C:EA:A5:4D:9F:9B:B4:6E:62:FE
Capabilities:
    SIZE 35882577:
        Maximum message size is 35882577 bytes = 34.22 MiB
    PIPELINING:
        Support for command grouping for faster transmission
    STARTTLS:
        Support for TLS encryption via the STARTTLS command
    AUTH:
        Supported authentication methods:
        PLAIN LOGIN

Change History (8)

comment:1 Changed 4 years ago by neverpanic (Clemens Lang)

Owner: set to ra1nb0w
Status: newassigned

comment:2 Changed 4 years ago by ra1nb0w

It is a failure in gnutls_x509_crt_get_fingerprint() and therefore related to gnutls. Just as information, do you have curl-ca-bundle installed?

comment:3 Changed 4 years ago by samuelharmer (Samuel Harmer)

Seeing the same issue on FreeBSD. Raised with msmtp.

https://github.com/marlam/msmtp-mirror/issues/43

comment:4 Changed 4 years ago by ra1nb0w

thank you samuelharmer. I follow that issue.

comment:5 Changed 3 years ago by jmroot (Joshua Root)

Cc: ra1nb0w@… removed
Component: contribports
Keywords: msmtp tls certificate removed

comment:6 Changed 3 years ago by ra1nb0w

Can I close this since msmtp is not the problem?

comment:7 Changed 3 years ago by ra1nb0w

close this since it is not msmtp related. anyway, thank you for reporting.

comment:8 Changed 3 years ago by ra1nb0w

Resolution: invalid
Status: assignedclosed
Note: See TracTickets for help on using tickets.