Comment 9 for bug 1834340

Mauricio Faria de Oliveira (mfo) wrote : Re: Possible regression on libssl upgrade when using TLSv1.3

Regression testing
------------------

This consists of crawling the 'emailconfiguration <dot> com'
website with 'googler' and parsing the IMAP/POP servers with
SSL encryption from the results/website pages. Test scripts
are attached in a tarball.

$ mkdir testing
$ cd testing

$ ~/get-email-config-links.sh && ~/get-email-config-pages.sh && ~/get-email-config-servers.sh

Number of results from googler:

$ wc -l email-config.links
299 email-config.links

$ ls -1 email-config.page_* | wc -l
299

Number of found pages + SSL servers:

$ wc -l email-config.servers
265 email-config.servers

Number of unique SSL servers:

$ sort -u email-config.servers | wc -l
167

There are only 167 unique servers from a list
of 299 providers because some of the provider
pages are not found in the website, less some
providers which have the same server address
for multiple domains listed as different pages
in the website.

eoan
====

$ lsb_release -ds
Ubuntu Eoan Ermine (development branch)

dependencies
------------

$ sudo apt-get install uw-mailutils php7.2-cli php7.2-imap

original package
----------------

$ dpkg -s libc-client2007e | grep Version:
Version: 8:2007f~dfsg-6

$ mkdir orig-pkg
$ (cd orig-pkg && ~/try-email-config-servers.sh ../ && ~/normalize-email-config-servers-log.sh)

modified package
----------------

$ dpkg -s libc-client2007e | grep Version:
Version: 8:2007f~dfsg-6ubuntu1

$ mkdir test-pkg
$ (cd test-pkg && ~/try-email-config-servers.sh ../ && ~/normalize-email-config-servers-log.sh)

comparison
----------

Summary: imap.gmail.com, imap.mail.att.net, and inbound.att.net
have certificate failures with the original package, and either
reach the username prompt (mailutil check) or fail with
authentication errors (php -r imap_open) with the test package.

Some other servers have false negatives because of connection
timeouts or other failures but after more attempts eventually
show consistent behavior (no change).

$ diff -ur orig-pkg/ test-pkg/ | grep -v -e ^@@ -e ^--- -e ^+++ | sed 's/^diff/\ndiff/'

diff -ur orig-pkg/email-config.servers.log.imap.gmail.com_993.mailutil test-pkg/email-config.servers.log.imap.gmail.com_993.mailutil
-Certificate failure for imap.gmail.com: self signed certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid
-Certificate failure for imap.gmail.com: self signed certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid
+{SERVER} username:
\ No newline at end of file

diff -ur orig-pkg/email-config.servers.log.imap.gmail.com_993.php-imap test-pkg/email-config.servers.log.imap.gmail.com_993.php-imap
 PHP Warning: imap_open(): Couldn't open stream {imap.gmail.com:993/imap/ssl}INBOX in Command line code on line 1
-PHP Notice: Unknown: Certificate failure for imap.gmail.com: self signed certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid (errflg=2) in Unknown on line 0
+PHP Notice: Unknown: Retrying PLAIN authentication after [ALERT] Invalid credentials (Failure) (errflg=1) in Unknown on line 0
+PHP Notice: Unknown: Retrying PLAIN authentication after [ALERT] Invalid credentials (Failure) (errflg=1) in Unknown on line 0
+PHP Notice: Unknown: Can not authenticate to IMAP server: [ALERT] Invalid credentials (Failure) (errflg=2) in Unknown on line 0

diff -ur orig-pkg/email-config.servers.log.imap.mail.att.net_993.mailutil test-pkg/email-config.servers.log.imap.mail.att.net_993.mailutil
-Certificate failure for imap.mail.att.net: Hostname mismatch: /C=US/ST=California/L=Sunnyvale/O=Oath Inc/CN=*.imap.mail.yahoo.com
-Certificate failure for imap.mail.att.net: Hostname mismatch: /C=US/ST=California/L=Sunnyvale/O=Oath Inc/CN=*.imap.mail.yahoo.com
+{SERVER} username:
\ No newline at end of file

diff -ur orig-pkg/email-config.servers.log.imap.mail.att.net_993.php-imap test-pkg/email-config.servers.log.imap.mail.att.net_993.php-imap
 PHP Warning: imap_open(): Couldn't open stream {imap.mail.att.net:993/imap/ssl}INBOX in Command line code on line 1
-PHP Notice: Unknown: Certificate failure for imap.mail.att.net: Hostname mismatch: /C=US/ST=California/L=Sunnyvale/O=Oath Inc/CN=*.imap.mail.yahoo.com (errflg=2) in Unknown on line 0
+PHP Notice: Unknown: Retrying PLAIN authentication after [AUTHENTICATIONFAILED] AUTHENTICATE Invalid credentials (errflg=1) in Unknown on line 0
+PHP Notice: Unknown: Retrying PLAIN authentication after [LIMIT] AUTHENTICATE Rate limit hit. (errflg=1) in Unknown on line 0
+PHP Notice: Unknown: Can not authenticate to IMAP server: [LIMIT] AUTHENTICATE Rate limit hit. (errflg=2) in Unknown on line 0

diff -ur orig-pkg/email-config.servers.log.inbound.att.net_995.mailutil test-pkg/email-config.servers.log.inbound.att.net_995.mailutil
-Certificate failure for inbound.att.net: Hostname mismatch: /C=US/ST=California/L=Sunnyvale/O=Oath Inc/CN=legacy.pop.mail.yahoo.com
+{SERVER} username:
\ No newline at end of file

diff -ur orig-pkg/email-config.servers.log.inbound.att.net_995.php-imap test-pkg/email-config.servers.log.inbound.att.net_995.php-imap
 PHP Warning: imap_open(): Couldn't open stream {inbound.att.net:995/pop3/ssl}INBOX in Command line code on line 1
-PHP Notice: Unknown: Certificate failure for inbound.att.net: Hostname mismatch: /C=US/ST=California/L=Sunnyvale/O=Oath Inc/CN=legacy.pop.mail.yahoo.com (errflg=2) in Unknown on line 0
+PHP Notice: Unknown: Can not authenticate to POP3 server: POP3 connection broken in response (errflg=2) in Unknown on line 0

disco
=====

$ lsb_release -cs
disco

$ dpkg -s libc-client2007e | grep Version:
Version: 8:2007f~dfsg-5build1

and

$ dpkg -s libc-client2007e | grep Version:
Version: 8:2007f~dfsg-5ubuntu0.19.04.1

Same results.

bionic
======

$ lsb_release -cs
bionic

$ dpkg -s libc-client2007e | grep Version:
Version: 8:2007f~dfsg-5build1

and

$ dpkg -s libc-client2007e | grep Version:
Version: 8:2007f~dfsg-5ubuntu0.18.04.1

Same results.
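
Added example (not part of the original comment and not the test scripts from the attached tarball): one way to reduce the orig-pkg/test-pkg comparison to a per-server outcome change, so that a certificate failure turning into an authentication-stage result stands out from timeouts and other noise. The function names and outcome keywords are hypothetical, the log file naming follows the diff output above, and the sample logs are constructed from lines quoted there plus one hypothetical unchanged server (mail.example.org).

```shell
#!/bin/sh
# Added example: classify normalized per-server logs and list the servers
# whose outcome differs between two package runs.

# classify_log FILE -> prints one outcome keyword for the log.
classify_log() {
    if grep -q 'No SNI provided' "$1"; then
        echo cert-no-sni              # placeholder cert returned when no SNI was sent
    elif grep -q 'Certificate failure.*Hostname mismatch' "$1"; then
        echo cert-hostname-mismatch
    elif grep -q 'Certificate failure' "$1"; then
        echo cert-other
    elif grep -q -e 'username:' -e 'Can not authenticate' "$1"; then
        echo auth-stage               # certificate accepted; stopped at authentication
    else
        echo other                    # timeouts, refused connections, etc.
    fi
}

# compare_runs ORIG_DIR TEST_DIR -> "log-name before -> after" per changed log.
compare_runs() {
    for f in "$1"/email-config.servers.log.*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        [ -f "$2/$name" ] || continue
        before=$(classify_log "$f")
        after=$(classify_log "$2/$name")
        [ "$before" = "$after" ] || echo "${name#email-config.servers.log.} $before -> $after"
    done
}

# make_sample_logs DIR: constructed sample built from log lines quoted above.
make_sample_logs() {
    mkdir -p "$1/orig-pkg" "$1/test-pkg"
    p=email-config.servers.log
    echo 'Certificate failure for imap.gmail.com: self signed certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid' > "$1/orig-pkg/$p.imap.gmail.com_993.mailutil"
    echo '{SERVER} username:' > "$1/test-pkg/$p.imap.gmail.com_993.mailutil"
    echo 'Certificate failure for inbound.att.net: Hostname mismatch: /C=US/ST=California/L=Sunnyvale/O=Oath Inc/CN=legacy.pop.mail.yahoo.com' > "$1/orig-pkg/$p.inbound.att.net_995.mailutil"
    echo '{SERVER} username:' > "$1/test-pkg/$p.inbound.att.net_995.mailutil"
    # Hypothetical unchanged server, to show that it is not reported.
    echo '{SERVER} username:' > "$1/orig-pkg/$p.mail.example.org_993.mailutil"
    echo '{SERVER} username:' > "$1/test-pkg/$p.mail.example.org_993.mailutil"
}

# Demo on the constructed sample; prints one line per server that changed.
tmp=$(mktemp -d) && make_sample_logs "$tmp" && compare_runs "$tmp/orig-pkg" "$tmp/test-pkg"; rm -rf "$tmp"
```

Against real runs, call `compare_runs orig-pkg test-pkg` from the testing directory; logs classified as `other` on either side are the ones worth re-trying before reading anything into a change.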