Package: devscripts
Version: 2.22.2
Severity: important

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

I'm running a mail server. The server is using wildcard-certificates issued by
letsencrypt (but the same issue happens with a dedicated certificate). Since
the last update of libio-socket-ssl-perl, whenever I try to send mails via the
bts command, I receive the following error:

bts: failed to open SMTPS connection to smtps://mail.wgdd.de
(hostname verification failed)

Same happens if I use TLS. I checked the certificates and I cannot find any
issues. All other tools work well. If I downgrade libio-socket-ssl-perl to
version 2.077-1, everything works fine. The main change between versions 2.077
and 2.078 in libio-socket-ssl-perl is:

2.078 2022/12/11
- - revert decision from 2014 to not verify hostname by default if hostname is
  IP address but no explicit verification scheme given
  https://github.com/noxxi/p5-io-socket-ssl/issues/121

I found some hints, that Net::SMTPS, used by bts, does not support
SSL_verifycn_scheme smtp.  But this is not my expertise. I'd just like to see
bts fixed and being able to send mail to a mailserver via SSL/TLS.

Issues with SSL support in bts have come up multiple times. I remember, that I
even had to patch some code myself in the past to make it work. There are even
now patches (e.g. #853991), which might improve the situation. But like this,
bts is unusable.

Regards, Daniel



- -- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'stable-security'), (500, 'stable-debug'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libio-socket-ssl-perl depends on:
ii  libnet-ssleay-perl  1.92-2+b1
ii  netbase             6.4
ii  perl                5.36.0-7

Versions of packages libio-socket-ssl-perl recommends:
pn  libio-socket-ip-perl | libio-socket-inet6-perl  <none>
ii  libnet-idn-encode-perl                          2.500-3+b1
ii  libnet-libidn-perl                              0.12.ds-4+b1
ii  liburi-perl                                     5.17-1
ii  perl-base [libsocket-perl]                      5.36.0-7

Versions of packages libio-socket-ssl-perl suggests:
ii  ca-certificates  20211016

- -- no debconf information

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmPQmXwACgkQS80FZ8KW
0F1P+hAA1KcFh8/lqTRkrrL85H0vGbr82KNFvNRLGwqOyzL9N4vLjfIedlt+hzbU
6/YzRznl5dCzTHCwju4BYyZfrpo6NPPtfLjjwPRtajwUnbw3Q9INGACTupkTtwoC
eKCFQM2dpGODERD1zjPN16iBfoGc97pWzE3nCZpxUFZxhKTKw78tpmbr7LMnHx2j
DKXAJgejlmhtYxVLk9YKynLR0x8MoSNlYRB1T7hdoQt0lo5KnbQbEsZjlXSg9AFb
8I/T29YO9n2dA2litq4RMVONtDN9p1YyCsY+fBO8RUnLS6v+Wy+vCEhwBYPm/dQp
DajXqxmWwU94oMF3UT8NuvgGW2OCWOhbrpFaSRRnGctXoTHTzJ/D7qMza5Qakdxh
SdORO9d5LRAwFDti54zx9c62Z42wUn2P7tIIhYJpI/VcqMeVIlPw9lOzb/Xkur2e
lX2ARUbFxFuyP87pn90LNv+GIsNe6lrXfY9GXQ080RZ9lozui1YKk9bGVvLHYOVR
XGEIPSBX9FqosBA8ZQ6FrJiUZ7yC+1Cz0dToHMiGNaDSlS/naxadQCSp3ZHuHl0g
Esxq7MnnKIgzjqLx7PSgGzDNan5mnS+k0c5T6uC+6jL9z2m5czPqGLUVaAFYjwd3
X3+dsBZY34R1qZ1qzzqJutp0nZXO4NiIwSINbXVO8dcdsjTACoE=
=+f0s
-----END PGP SIGNATURE-----

Reply via email to