Package: devscripts Version: 2.22.2 Severity: important -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Hi, I'm running a mail server. The server is using wildcard-certificates issued by letsencrypt (but the same issue happens with a dedicated certificate). Since the last update of libio-socket-ssl-perl, whenever I try to send mails via the bts command, I receive the following error: bts: failed to open SMTPS connection to smtps://mail.wgdd.de (hostname verification failed) Same happens if I use TLS. I checked the certificates and I cannot find any issues. All other tools work well. If I downgrade libio-socket-ssl-perl to version 2.077-1, everything works fine. The main change between versions 2.077 and 2.078 in libio-socket-ssl-perl is: 2.078 2022/12/11 - - revert decision from 2014 to not verify hostname by default if hostname is IP address but no explicit verification scheme given https://github.com/noxxi/p5-io-socket-ssl/issues/121 I found some hints, that Net::SMTPS, used by bts, does not support SSL_verifycn_scheme smtp. But this is not my expertise. I'd just like to see bts fixed and being able to send mail to a mailserver via SSL/TLS. Issues with SSL support in bts have come up multiple times. I remember, that I even had to patch some code myself in the past to make it work. There are even now patches (e.g. #853991), which might improve the situation. But like this, bts is unusable. Regards, Daniel - -- System Information: Debian Release: bookworm/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-1-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libio-socket-ssl-perl depends on: ii libnet-ssleay-perl 1.92-2+b1 ii netbase 6.4 ii perl 5.36.0-7 Versions of packages libio-socket-ssl-perl recommends: pn libio-socket-ip-perl | libio-socket-inet6-perl <none> ii libnet-idn-encode-perl 2.500-3+b1 ii libnet-libidn-perl 0.12.ds-4+b1 ii liburi-perl 5.17-1 ii perl-base [libsocket-perl] 5.36.0-7 Versions of packages libio-socket-ssl-perl suggests: ii ca-certificates 20211016 - -- no debconf information -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmPQmXwACgkQS80FZ8KW 0F1P+hAA1KcFh8/lqTRkrrL85H0vGbr82KNFvNRLGwqOyzL9N4vLjfIedlt+hzbU 6/YzRznl5dCzTHCwju4BYyZfrpo6NPPtfLjjwPRtajwUnbw3Q9INGACTupkTtwoC eKCFQM2dpGODERD1zjPN16iBfoGc97pWzE3nCZpxUFZxhKTKw78tpmbr7LMnHx2j DKXAJgejlmhtYxVLk9YKynLR0x8MoSNlYRB1T7hdoQt0lo5KnbQbEsZjlXSg9AFb 8I/T29YO9n2dA2litq4RMVONtDN9p1YyCsY+fBO8RUnLS6v+Wy+vCEhwBYPm/dQp DajXqxmWwU94oMF3UT8NuvgGW2OCWOhbrpFaSRRnGctXoTHTzJ/D7qMza5Qakdxh SdORO9d5LRAwFDti54zx9c62Z42wUn2P7tIIhYJpI/VcqMeVIlPw9lOzb/Xkur2e lX2ARUbFxFuyP87pn90LNv+GIsNe6lrXfY9GXQ080RZ9lozui1YKk9bGVvLHYOVR XGEIPSBX9FqosBA8ZQ6FrJiUZ7yC+1Cz0dToHMiGNaDSlS/naxadQCSp3ZHuHl0g Esxq7MnnKIgzjqLx7PSgGzDNan5mnS+k0c5T6uC+6jL9z2m5czPqGLUVaAFYjwd3 X3+dsBZY34R1qZ1qzzqJutp0nZXO4NiIwSINbXVO8dcdsjTACoE= =+f0s -----END PGP SIGNATURE-----