Sylpheed not (or no longer) using SNI for SSL connections
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sylpheed (Debian) |
Fix Released
|
Unknown
|
|||
sylpheed (Ubuntu) |
Fix Released
|
Medium
|
Dan Streetman | ||
Bionic |
Fix Released
|
Medium
|
Dan Streetman | ||
Disco |
Fix Released
|
Medium
|
Dan Streetman | ||
Eoan |
Fix Released
|
Medium
|
Dan Streetman |
Bug Description
[impact]
IMAP connection to imap.gmail.com over SSL returns self-signed certificate. Though you can still connect to imap.gmail.com using this certificate, it would be better to fix it to avoid this scary warning (self-signed certificate) and provide a smoother user experience.
[Test Case]
Create IMAP account for gmail.com in sylpheed. To do this, select "Create new account" from the "Configuration" in the main menu. "New account setup" window will appear. Select "IMAP4 (Gmail)" and follow instructions in that window. After setup is finished check for new email for newly created account. You should get a warning complaining about self-signed certificate.
With fixed package, try the same. This time you should not get the warning.
[regression potential]
low, as this only sets SNI, however any regression would likely result in SSL connection failures.
[other info]
for Bionic, this is almost certainly a regression caused by the openssl upgrade to 1.1.
for Disco and Eoan, this functionality likely has never worked, as we haven't synced this package from Debian since Bionic.
Debian does have this patch as noted in the Affects section.
---
Original Description
-------
Problem appeared after upgrading from Ubuntu 18.04 to 18.10.
When starting Sylpheed, connecting to imap.gmail.com over SSL, I get a warning embedded in the SSL certificate: "Subject: /OU=No SNI provided; please fix your client.
May be related to this bug report about 'fetchmail' in redhat enterprise when it was still using TLSv1.2 instead of TLSv1.3:
https:/
https:/
ProblemType: Bug
DistroRelease: Ubuntu 18.10
Package: sylpheed 3.5.1-1ubuntu3
ProcVersionSign
Uname: Linux 4.18.0-10-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.10-0ubuntu13
Architecture: amd64
CurrentDesktop: XFCE
Date: Tue Oct 23 00:27:01 2018
InstallationDate: Installed on 2016-06-05 (869 days ago)
InstallationMedia: Xubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
SourcePackage: sylpheed
UpgradeStatus: Upgraded to cosmic on 2018-10-21 (1 days ago)
modified.
mtime.conffile.
description: | updated |
no longer affects: | sylpheed |
description: | updated |
tags: | added: regression-update |
description: | updated |
Changed in sylpheed (Ubuntu Eoan): | |
importance: | Undecided → Medium |
Changed in sylpheed (Ubuntu Disco): | |
importance: | Undecided → Medium |
Changed in sylpheed (Ubuntu Bionic): | |
importance: | Undecided → Medium |
Changed in sylpheed (Ubuntu Eoan): | |
status: | Triaged → In Progress |
Changed in sylpheed (Ubuntu Disco): | |
status: | New → In Progress |
Changed in sylpheed (Ubuntu Bionic): | |
status: | New → In Progress |
Changed in sylpheed (Ubuntu Eoan): | |
assignee: | nobody → Dan Streetman (ddstreet) |
Changed in sylpheed (Ubuntu Bionic): | |
assignee: | nobody → Dan Streetman (ddstreet) |
Changed in sylpheed (Ubuntu Disco): | |
assignee: | nobody → Dan Streetman (ddstreet) |
tags: | added: bionic-openssl-1.1 |
Changed in sylpheed (Debian): | |
status: | Unknown → Fix Released |
tags: |
added: verification-done-bionic removed: verification-needed-bionic |
There is an upstream bug report with a patch, though it's not released yet: /sylpheed. sraoss. jp/redmine/ issues/ 306
https:/