Re: [exim-dev] 4.80 final?

Top Pagina
Delete this message
Reply to this message
Auteur: Wolfgang Breyha
Datum:  
Aan: exim-dev, Phil Pennock
Onderwerp: Re: [exim-dev] 4.80 final?
Hi!

On 2012-05-26 05:41, Phil Pennock wrote:
> Wolfgang's patch fixing my Cyrus SASL mistake is in head. Anyone object
> to the next cut being 4.80 instead of RC6?
>
> If all goes well, I'll cut on Sunday, just to leave tomorrow for finding
> any remaining issues.


Sorry, it's me again;-)

I had 4.77 running with gnutls but tried 4.80 with openssl 0.9.8x until
today....

I've built gnutls 2.12.19 from source. I build exim as before. If I try to
connect with thunderbird from Fedora 16 it fails to connect and exim logs:
...(gnutls_handshake): A TLS packet with unexpected length was received.

Searching in older Logs my Thunderbird connected with
X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32
to 4.77 with gnutls.

The server uses a self-signed certificate.


Same for gnutls-cli or openssl s_client. Both fail to negotiate a TLS
session using STARTTLS.

gnutls-cli (2.12.14-fc16) fails with
*** Starting TLS handshake
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed

Connecting with openssl s_client shows an extensive amount of
25626 LOG: MAIN PANIC DIE
25626 string_format: unsupported type in "%z" in "tls_do_write(%p, %zu)
25626 "
in exim debug output.

gnutls-cli -v 255 shows:
starttls
220 TLS go ahead
*** Starting TLS handshake
|<2>| ASSERT: gnutls_constate.c:695
|<4>| REC[0x969a860]: Allocating epoch #1
|<3>| HSK[0x969a860]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x969a860]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256
|<3>| HSK[0x969a860]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x969a860]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x969a860]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256
|<3>| HSK[0x969a860]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x969a860]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x969a860]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x969a860]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256
|<3>| HSK[0x969a860]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x969a860]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x969a860]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256
|<3>| HSK[0x969a860]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x969a860]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x969a860]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x969a860]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[0x969a860]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256
|<3>| HSK[0x969a860]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x969a860]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[0x969a860]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256
|<3>| HSK[0x969a860]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x969a860]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x969a860]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x969a860]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<2>| EXT[0x969a860]: Sending extension SERVER NAME (20 bytes)
|<2>| EXT[0x969a860]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<2>| EXT[0x969a860]: Sending extension SESSION TICKET (0 bytes)
|<2>| EXT[SIGA]: sent signature algo (4.2) DSA-SHA256
|<2>| EXT[SIGA]: sent signature algo (4.1) RSA-SHA256
|<2>| EXT[SIGA]: sent signature algo (2.1) RSA-SHA1
|<2>| EXT[SIGA]: sent signature algo (2.2) DSA-SHA1
|<2>| EXT[0x969a860]: Sending extension SIGNATURE ALGORITHMS (10 bytes)
|<3>| HSK[0x969a860]: CLIENT HELLO was sent [140 bytes]
|<6>| BUF[HSK]: Inserted 140 bytes of Data
|<7>| HWRITE: enqueued 140. Total 140 bytes.
|<7>| HWRITE FLUSH: 140 bytes in buffer.
|<4>| REC[0x969a860]: Sending Packet[0] Handshake(22) with length: 140
|<7>| WRITE: enqueued 145 bytes for 0x5. Total 145 bytes.
|<4>| REC[0x969a860]: Sent Packet[1] Handshake(22) with length: 145
|<7>| HWRITE: wrote 140 bytes, 0 bytes left.
|<7>| WRITE FLUSH: 145 bytes in buffer.
|<7>| WRITE: wrote 145 bytes, 0 bytes left.
|<7>| READ: Got 0 bytes from 0x5
|<7>| READ: read 0 bytes from 0x5
|<2>| ASSERT: gnutls_buffers.c:640
|<2>| ASSERT: gnutls_record.c:969
|<2>| ASSERT: gnutls_handshake.c:2762
|<6>| BUF[HSK]: Cleared Data from buffer
*** Fatal error: A TLS packet with unexpected length was received.
|<4>| REC: Sending Alert[2|22] - Record overflow
|<4>| REC[0x969a860]: Sending Packet[1] Alert(21) with length: 2
|<7>| WRITE: enqueued 7 bytes for 0x5. Total 7 bytes.
|<7>| WRITE FLUSH: 7 bytes in buffer.
|<7>| WRITE: wrote 7 bytes, 0 bytes left.
|<4>| REC[0x969a860]: Sent Packet[2] Alert(21) with length: 7
*** Handshake has failed

Am I doing something terrible wrong?

Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@???> | http://www.blafasel.at/
Vienna University Computer Center | Austria