[exim-dev] [Bug 2359] New: GnuTLS breakage with outgoing TLS…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2359] New: GnuTLS breakage with outgoing TLS 1.3
https://bugs.exim.org/show_bug.cgi?id=2359

            Bug ID: 2359
           Summary: GnuTLS breakage with outgoing TLS 1.3
           Product: Exim
           Version: 4.91
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: high
         Component: TLS
          Assignee: jgh146exb@???
          Reporter: eximusers@???
                CC: exim-dev@???


Created attachment 1160
--> https://bugs.exim.org/attachment.cgi?id=1160&action=edit
First shot at a fix.

Hello,

exim (4.92 rc2) built against gnutls >= 3.6.5 supports TLS 1.3. However, while
incoming connections seem to work, outgoing TLS 1.3 is totally broken and mails
are stuck in the queue.
----------------------
16:09:51 23494 cipher: TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256
16:09:51 23494 Have channel bindings cached for possible auth usage.
16:09:51 23494 SMTP>> EHLO argenau.bebt.de
16:09:51 23494 cmd buf flush 22 bytes
16:09:51 23494 tls_write(0x7ffe02af0cd0, 22)
16:09:51 23494 gnutls_record_send(SSL, 0x7ffe02af0cd0, 22)
16:09:51 23494 outbytes=22
16:09:51 23494 Calling gnutls_record_recv(0x559451c5fe30, 0x7ffe02aefcd0, 4096)
16:09:51 23494 GnuTLS<3>: ASSERT: ../../lib/buffers.c[get_last_packet]:1171
16:09:51 23494 GnuTLS<3>: ASSERT: ../../lib/buffers.c[_gnutls_handshake_io_recv_int]:1431
16:09:51 23494 GnuTLS<3>: ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1560
16:09:51 23494 GnuTLS<3>: ASSERT: ../../lib/record.c[_gnutls_recv_int]:1759
16:09:51 23494 tls_read: err from gnutls_record_recv(
16:09:51 23494 LOG: MAIN
16:09:51 23494 H=ellipsis.scootmail.com [217.146.107.185] TLS error on connection (recv): Resource temporarily unavailable, try again.
16:09:51 23494 SMTP(No such file or directory)<<
16:09:51 23494 tls_close(): shutting down TLS
16:09:51 23494 GnuTLS<3>: ASSERT: ../../lib/buffers.c[_gnutls_io_write_flush]:696
16:09:51 23494 SMTP(close)>>
16:09:51 23494 LOG: MAIN
----------------------

(Thanks, Jeremy Harris, for help with this and providing a test server to
connect to.)

The error seems to be caused by exim regarding gnutls_record_recv() returning a
value <0 as a fatal error, while GNUTLS_E_AGAIN will happen in a normal TLS1.3
connection, due to the changed handshake.
See https://gitlab.com/gnutls/gnutls/issues/644#note_123363338

The attached patch seems to work for me; Jeremy said he had tested something
similar, so we had better use his version.

--
You are receiving this mail because:
You are on the CC list for the bug.
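Added example, not the attached patch or Exim's own code: a C sketch of the read path the report describes, showing the any-negative-return-is-fatal handling beside one that retries on GNUTLS_E_AGAIN / GNUTLS_E_INTERRUPTED and still fails hard on every other error. It does not link GnuTLS: gnutls_record_recv() is abstracted behind a function pointer driven by a constructed fake session, and the error-code values are assumed from gnutls.h.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
/* Values assumed from gnutls.h, redefined so this builds without linking GnuTLS. */
#define GNUTLS_E_AGAIN                 (-28)
#define GNUTLS_E_INTERRUPTED           (-52)
#define GNUTLS_E_PREMATURE_TERMINATION (-110)

/* gnutls_record_recv() behind a function pointer so a scripted fake can stand in. */
typedef ssize_t (*record_recv_fn)(void *session, void *buf, size_t len);
/* Handling the report describes: any negative return is fatal, so the GNUTLS_E_AGAIN
 * raised after GnuTLS consumes a TLS 1.3 post-handshake message kills the delivery. */
ssize_t tls_read_broken(void *session, record_recv_fn rd, void *buf, size_t len)
{
    ssize_t n = rd(session, buf, len);
    return n < 0 ? -1 : n;
}

/* Corrected handling: GNUTLS_E_AGAIN / GNUTLS_E_INTERRUPTED mean "non-application data
 * was processed, call again", so retry a bounded number of times; other errors stay fatal. */
ssize_t tls_read_fixed(void *session, record_recv_fn rd, void *buf, size_t len)
{
    for (int attempt = 0; attempt < 10; attempt++) {
        ssize_t n = rd(session, buf, len);
        if (n >= 0) return n;
        if (n != GNUTLS_E_AGAIN && n != GNUTLS_E_INTERRUPTED) return -1;
    }
    return -1; /* retry budget exhausted: fail rather than spin forever */
}

/* Constructed fake session: the first recv returns the scripted status first_rc,
 * later calls deliver a constructed SMTP reply. */
struct fake_session { int calls; ssize_t first_rc; };
static ssize_t fake_recv(void *s, void *buf, size_t len)
{
    struct fake_session *fs = s;
    static const char reply[] = "250 OK\r\n";
    if (fs->calls++ == 0) return fs->first_rc;
    size_t n = sizeof reply - 1 < len ? sizeof reply - 1 : len;
    memcpy(buf, reply, n);
    return (ssize_t)n;
}

/* Run the broken (fixed == 0) or corrected reader over a fresh fake session. */
ssize_t run_read(int fixed, ssize_t first_rc)
{
    struct fake_session fs = { 0, first_rc }; char buf[64];
    return fixed ? tls_read_fixed(&fs, fake_recv, buf, sizeof buf)
                 : tls_read_broken(&fs, fake_recv, buf, sizeof buf);
}
```

With the fake session's first call returning GNUTLS_E_AGAIN, the broken reader reports an error while the corrected one retries and returns the 8-byte reply; a genuine error such as GNUTLS_E_PREMATURE_TERMINATION still fails in both.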