fetchmail: 6.4.20 querying pop.gmx.de (protocol POP3) at Thu Jul 29 09:02:15
2021: poll started
Trying to connect to 212.227.17.185/110...connected.
fetchmail: POP3< +OK POP server ready H migmx020 0MVSXe-1mgVaz2peI-00YxO4
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< UIDL
fetchmail: POP3< STLS
fetchmail: POP3< SASL
fetchmail: POP3< IMPLEMENTATION trinity
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK Begin TLS negotiation
fetchmail: SSL verify callback depth 2: preverify_ok == 1, err = 0, ok
fetchmail: Certificate chain, from root to peer, starting at depth 2:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 3
fetchmail: Subject CommonName: T-TeleSec GlobalRoot Class 3
fetchmail: SSL verify callback depth 1: preverify_ok == 1, err = 0, ok
fetchmail: Certificate at depth 1:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 3
fetchmail: Subject CommonName: TeleSec ServerPass Extended Validation Class 3 CA
fetchmail: SSL verify callback depth 0: preverify_ok == 1, err = 0, ok
fetchmail: Server certificate:
fetchmail: Issuer Organization: T-Systems International GmbH
fetchmail: Issuer CommonName: TeleSec ServerPass Extended Validation Class 3 CA
fetchmail: Subject CommonName: mail.gmx.net
fetchmail: Subject Alternative Name: mail.gmx.net
fetchmail: Subject Alternative Name: mail.gmx.de
fetchmail: Subject Alternative Name: smtp.gmx.net
fetchmail: Subject Alternative Name: smtp.gmx.de
fetchmail: Subject Alternative Name: imap.gmx.net
fetchmail: Subject Alternative Name: imap.gmx.de
fetchmail: Subject Alternative Name: pop.gmx.net
fetchmail: Subject Alternative Name: pop.gmx.de
fetchmail: pop.gmx.de key fingerprint:
B1:70:9C:4D:EC:80:2F:9B:81:CB:AE:C1:99:BF:58:E5
fetchmail: SSL/TLS: using protocol TLSv1.3, cipher AEAD-AES256-GCM-SHA384,
256/256 secret/processed bits
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< UIDL
fetchmail: POP3< USER
fetchmail: POP3< SASL PLAIN
fetchmail: POP3< IMPLEMENTATION trinity
fetchmail: POP3< .
fetchmail: pop.gmx.de: upgrade to TLS succeeded.
fetchmail: POP3> USER [...]
I think this still works...
On 2021-07-28 22:46 +01, Stuart Henderson <s...@spacehopper.org> wrote:
> includes a security fix for long log messages, and various others.
> some SSL code was reorganised, does anyone have a working config
> they could test with to make sure the adaptation for that still
> works ok?
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/mail/fetchmail/Makefile,v
> retrieving revision 1.161
> diff -u -p -r1.161 Makefile
> --- Makefile 28 Mar 2021 13:32:50 -0000 1.161
> +++ Makefile 28 Jul 2021 21:44:41 -0000
> @@ -2,7 +2,7 @@
>
> COMMENT= mail retrieval utility for POP2, POP3, KPOP, IMAP and more
>
> -DISTNAME= fetchmail-6.4.13
> +DISTNAME= fetchmail-6.4.20
> EXTRACT_SUFX= .tar.xz
>
> CATEGORIES= mail
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/mail/fetchmail/distinfo,v
> retrieving revision 1.39
> diff -u -p -r1.39 distinfo
> --- distinfo 28 Mar 2021 13:32:50 -0000 1.39
> +++ distinfo 28 Jul 2021 21:44:41 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (fetchmail-6.4.13.tar.xz) =
> fSjPBgsGucjsciZ75+3JqZtw9h19Mti2CUWNzt+nS+E=
> -SIZE (fetchmail-6.4.13.tar.xz) = 1308248
> +SHA256 (fetchmail-6.4.20.tar.xz) =
> yCFBri6PADnOsMXC7aQ8XpOtC/f5xrtigJKzvnQ4YXY=
> +SIZE (fetchmail-6.4.20.tar.xz) = 1317204
> Index: patches/patch-Makefile_in
> ===================================================================
> RCS file: /cvs/ports/mail/fetchmail/patches/patch-Makefile_in,v
> retrieving revision 1.23
> diff -u -p -r1.23 patch-Makefile_in
> --- patches/patch-Makefile_in 13 Sep 2020 19:01:23 -0000 1.23
> +++ patches/patch-Makefile_in 28 Jul 2021 21:44:41 -0000
> @@ -3,7 +3,7 @@ $OpenBSD: patch-Makefile_in,v 1.23 2020/
> Index: Makefile.in
> --- Makefile.in.orig
> +++ Makefile.in
> -@@ -2154,7 +2154,7 @@ info: info-recursive
> +@@ -2197,7 +2197,7 @@ info: info-recursive
>
> info-am:
>
> Index: patches/patch-socket_c
> ===================================================================
> RCS file: /cvs/ports/mail/fetchmail/patches/patch-socket_c,v
> retrieving revision 1.13
> diff -u -p -r1.13 patch-socket_c
> --- patches/patch-socket_c 14 Sep 2020 15:14:55 -0000 1.13
> +++ patches/patch-socket_c 28 Jul 2021 21:44:41 -0000
> @@ -3,16 +3,7 @@ $OpenBSD: patch-socket_c,v 1.13 2020/09/
> Index: socket.c
> --- socket.c.orig
> +++ socket.c
> -@@ -902,7 +902,7 @@ static const char *SSLCertGetCN(const char *mycert,
> - return ret;
> - }
> -
> --#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x1010000fL
> -+#if OPENSSL_VERSION_NUMBER < 0x1010000fL
> - /* OSSL_proto_version_logic for OpenSSL 1.0.x and LibreSSL */
> - static int OSSL10X_proto_version_logic(int sock, const char **myproto, int
> *avoid_ssl_versions)
> - {
> -@@ -1149,6 +1149,10 @@ int SSLOpen(int sock, char *mycert, char *mykey, const
> +@@ -1150,6 +1150,10 @@ int SSLOpen(int sock, char *mycert, char *mykey, const
> /* Check which trusted X.509 CA certificate store(s) to load */
> {
> char *tmp;
> @@ -23,7 +14,7 @@ Index: socket.c
> int want_default_cacerts = 0;
>
> /* Load user locations if any is given */
> -@@ -1162,6 +1166,13 @@ int SSLOpen(int sock, char *mycert, char *mykey, const
> +@@ -1163,6 +1167,13 @@ int SSLOpen(int sock, char *mycert, char *mykey, const
> if (want_default_cacerts || (tmp && tmp[0])) {
> SSL_CTX_set_default_verify_paths(_ctx[sock]);
> }
> Index: patches/patch-tls-aux_h
> ===================================================================
> RCS file: patches/patch-tls-aux_h
> diff -N patches/patch-tls-aux_h
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-tls-aux_h 28 Jul 2021 21:44:41 -0000
> @@ -0,0 +1,14 @@
> +$OpenBSD$
> +
> +Index: tls-aux.h
> +--- tls-aux.h.orig
> ++++ tls-aux.h
> +@@ -8,7 +8,7 @@
> + #ifdef SSL_ENABLE
> + #include <openssl/opensslv.h>
> +
> +-# if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER <
> 0x1010000fL
> ++# if OPENSSL_VERSION_NUMBER < 0x1010000fL
> + # undef OSSL110_API
> + # else
> + # define OSSL110_API 1
>
--
I'm not entirely sure you are real.
