[exim] 4.94: _gnutls_sort_clist: Assertion `k == clist_size'…

Góra strony
Delete this message
Reply to this message
Autor: Evgeniy Berdnikov
Data:  
Dla: exim-users
Temat: [exim] 4.94: _gnutls_sort_clist: Assertion `k == clist_size' failed
Hello!

I have Exim 4.94 from Debian (packages 4.94-15 for i386 inside LXC container).
Attempt to send mail to some address fails as:

# exim4 -d-all+transport+tls+route+timestamp -M 1lC14S-00Fr49-2d
11:27:57 Exim version 4.94 uid=0 gid=0 pid=3989747 D=3c000000
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DANE DKIM DNSSEC Event I18N OCSP PIPE_CONNECT PRDR PROXY SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Compiler: GCC [10.2.1 20210110]
Library version: Glibc: Compile: 2.31
                        Runtime: 2.31
Library version: BDB: Compile: Berkeley DB 5.3.28: (September  9, 2013)
                      Runtime: Berkeley DB 5.3.28: (September  9, 2013)
Library version: GnuTLS: Compile: 3.7.0
                         Runtime: 3.7.0
Library version: IDN2: Compile: 2.3.0
                       Runtime: 2.3.0
Library version: Stringprep: Compile: 1.33
                             Runtime: 1.33
Library version: Cyrus SASL: Compile: 2.1.27
                             Runtime: 2.1.27 [Cyrus SASL]
Library version: PCRE: Compile: 8.39
                       Runtime: 8.39 2016-06-14
Library version: MySQL: Compile: 100508 10.5.8 [mariadb-10.5]
                        Runtime: 100508 10.5.8
Library version: SQLite: Compile: 3.34.1
                         Runtime: 3.34.1
WHITELIST_D_MACROS: "OUTGOING"
TRUSTED_CONFIG_LIST: "/etc/exim4/trusted_configs"
11:27:57.367 configuration file is /var/lib/exim4/config.autogenerated
11:27:57.367 log selectors = ffffffff ffffffff ffffffff
11:27:57.368 LOG: MAIN
11:27:57.368   cwd=/root 4 args: exim4 -d-all+transport+tls+route+timestamp -M 1lC14S-00Fr49-2d


[... lines deleted ...]

11:27:57.452   Aliaksandr.Xxxxxxxxxxx@???
11:27:57.452 hostlist:
11:27:57.452   'ipm02.alfa-bank.by' IP 87.252.250.52 port -1
11:27:57.452   'ipm01.alfa-bank.by' IP 87.252.250.51 port -1
11:27:57.453 checking status of ipm02.alfa-bank.by
11:27:57.453 locking /var/spool/exim4/db/retry.lockfile
11:27:57.453 no host retry record
11:27:57.453 no message retry record
11:27:57.453 ipm02.alfa-bank.by [87.252.250.52] retry-status = usable
11:27:57.453 delivering 1lC14S-00Fr49-2d to ipm02.alfa-bank.by [87.252.250.52] (Aliaksandr.Xxxxxxxxxxx@???)
11:27:57.453 Connecting to ipm02.alfa-bank.by [87.252.250.52]:25 ...  TFO mode sendto, no data: EINPROGRESS
11:27:57.453  connected
11:27:58.808 read response data: size=30
11:27:58.808   SMTP<< 220 ************************
11:27:58.808   SMTP>> EHLO passat.protva.ru
11:27:58.808 cmd buf flush 22 bytes
11:27:58.853 read response data: size=71
11:27:58.853   SMTP<< 250-ipm02.alfa-bank.by
11:27:58.853          250-8BITMIME
11:27:58.853          250-SIZE 41943040
11:27:58.853          250 STARTTLS
11:27:58.853   SMTP>> STARTTLS
11:27:58.853 cmd buf flush 10 bytes
11:27:58.894 read response data: size=23
11:27:58.894   SMTP<< 220 Go ahead with TLS
11:27:58.894 initialising GnuTLS as a client on fd 8
11:27:58.894 GnuTLS global init required.
11:27:58.894 initialising GnuTLS client session
11:27:58.894 Expanding various TLS configuration options for session credentials.
11:27:58.895 TLS: no client certificate specified; okay
11:27:58.919 Added 127 certificate authorities.
11:27:58.919 GnuTLS using default session cipher/priority "NORMAL"
11:27:58.919 Setting D-H prime minimum acceptable bits to 1024
11:27:58.919 TLS: server cert verification includes hostname: "ipm02.alfa-bank.by".
11:27:58.919 TLS: server certificate verification optional.
11:27:58.920 TLS: will request OCSP stapling
11:27:58.920 about to gnutls_handshake
11:27:59.112 (TLS1.2)-(DHE-CUSTOM2048)-(RSA-SHA512)-(AES-256-GCM)
11:27:59.112 CLIENT_RANDOM 963c22ab8f8da8a84304b62ffdb9188b616ff6522507ce73ce5fdbcfaa709ff1 fd51aff7d59df024b9f41114be80b554bf5889deff4d616892e0543230c7940a28af5d134e751a72e37a414104ed2544
11:27:59.112 TLS: checking peer certificate
exim4: ../../../lib/x509/common.c:1794: _gnutls_sort_clist: Assertion `k == clist_size' failed.
11:27:59.115 LOG: MAIN PANIC
11:27:59.115   Delivery status for Aliaksandr.Xxxxxxxxxxx@???: got 0 of 7 bytes (pipeheader) from transport process 3989748 for transport smtp
11:27:59.115 
11:27:59.115 LOG: MAIN
11:27:59.115   == aliaksandr.xxxxxxxxxxx@??? <Aliaksandr.Xxxxxxxxxxx@???> R=dnslookup T=remote_smtp defer (-1) DT=0.000s: smtp transport process returned non-zero status 0x0006: terminated by signal 6


For me it looks as some bug in gnutls...

# dpkg -l 'libgnutls*' | fgrep ii
ii  libgnutls-dane0:i386 3.7.0-5      i386         GNU TLS library - DANE security support
ii  libgnutls30:i386     3.7.0-5      i386         GNU TLS library - main runtime library


I plan to overcome it with `hosts_avoid_tls'. But I'll keep this mail
in queue some time, waiting for additional questions (if any).
--
Eugene Berdnikov