On Sat, Sep 12, 2020 at 07:09:16PM +1200,
richard.n.proc...@gmail.com wrote:
On Fri, 11 Sep 2020, Theo Buehler wrote:
Hi Richard,
Could you please give the patch below a go on a relatively -current
machine (anything after May 24 should be fine) and try if you can send
and read mail with gmail?
We have enabled AUTO_RETRY in libssl, so we should no longer retry the
writes ourselves; doing so may actually break things. That should also
address the busy looping Jussi sees on the alpine server.
Hi Theo,
Sure thing. It looks like a no-go. Here's what I did:
First build the latest alpine(1) sans-patch and test:
- sysupgrade
- /usr/ports$ cvs -ACd
- make build && make install in /usr/ports/mail/alpine
- this connects to gmail fine (as expected).
Then build with your patch. Alpine then fails to connect to gmail with
"SSL negotiation failed".
I applied my debug patch below on top of your patch (I've attached the
final patches/patch-imap_src_osdep_unix_ssl_unix_c file as the resultant
patch was unwieldy) and got the following two lines of output:
ssl_start_work: SSL_get_error: 3
ssl_start_work: ERR_get_error_line_data
Happy to help work on this further if you need.
Thank you. So that's again the issue we fixed by retrying the SSL_write
before 6.7.
The patch below should still let alpine interoperate with gmail and
hopefully also fix Jussi's thunderbird issue on the server. I simplified
and cleaned up the retry logic a bit. It preserves the logic apparently
really needed for gmail interoperation and removes the second SSL_write
retry that is probably spinning in a tight loop on Jussi's server.
Could both of you give this a try please?
Index: Makefile
===================================================================
RCS file: /var/cvs/ports/mail/alpine/Makefile,v
retrieving revision 1.47
diff -u -p -r1.47 Makefile
--- Makefile 1 May 2020 09:09:14 -0000 1.47
+++ Makefile 12 Sep 2020 07:42:47 -0000
@@ -28,7 +28,7 @@ PKGNAME-mailutil= mailutil-uw-${V}
PKGNAME-pico= pico-${PICO_V}
PKGNAME-pilot= pilot-${PILOT_V}
-REVISION= 4
+REVISION= 5
REVISION-pico= 20
REVISION-pilot= 20
Index: patches/patch-imap_src_osdep_unix_ssl_unix_c
===================================================================
RCS file:
/var/cvs/ports/mail/alpine/patches/patch-imap_src_osdep_unix_ssl_unix_c,v
retrieving revision 1.1
diff -u -p -r1.1 patch-imap_src_osdep_unix_ssl_unix_c
--- patches/patch-imap_src_osdep_unix_ssl_unix_c 1 May 2020
09:09:14 -0000 1.1
+++ patches/patch-imap_src_osdep_unix_ssl_unix_c 12 Sep 2020
07:57:42 -0000
@@ -1,7 +1,7 @@
$OpenBSD: patch-imap_src_osdep_unix_ssl_unix_c,v 1.1
2020/05/01 09:09:14 tb Exp $
* some popular mail services enforce SNI for TLSv1.3 clients,
so send it
-* retry SSL_write if we're told to do so.
+* retry SSL_write on blocking socket if we're told to do so.
Index: imap/src/osdep/unix/ssl_unix.c
--- imap/src/osdep/unix/ssl_unix.c.orig
@@ -14,7 +14,7 @@ Index: imap/src/osdep/unix/ssl_unix.c
unsigned long sl,tl;
char *s,*t,*err,tmp[MAILTMPLEN], buf[256];
sslcertificatequery_t scq =
-@@ -313,12 +314,22 @@ static char *ssl_start_work (SSLSTREAM
*stream,char *h
+@@ -313,12 +314,21 @@ static char *ssl_start_work (SSLSTREAM
*stream,char *h
/* create connection */
if (!(stream->con = (SSL *) SSL_new (stream->context)))
return "SSL connection failed";
@@ -29,28 +29,11 @@ Index: imap/src/osdep/unix/ssl_unix.c
- if (SSL_write (stream->con,"",0) < 0)
+ do {
+ ssl_err = SSL_write (stream->con,"",0);
-+ } while ((ssl_err == -1 &&
-+ SSL_get_error(stream->con, ssl_err) == SSL_ERROR_SYSCALL
&& errno == EINTR) ||
-+ (ssl_err < 0 &&
-+ (SSL_get_error(stream->con, ssl_err) == SSL_ERROR_WANT_READ ||
-+ SSL_get_error(stream->con, ssl_err) ==
SSL_ERROR_WANT_WRITE)));
++ } while (ssl_err < 0 &&
++ ((SSL_get_error(stream->con, ssl_err) ==
SSL_ERROR_SYSCALL && errno == EINTR) ||
++ SSL_get_error(stream->con, ssl_err) == SSL_ERROR_WANT_READ ||
++ SSL_get_error(stream->con, ssl_err) == SSL_ERROR_WANT_WRITE));
+ if (ssl_err < 0)
return ssl_last_error ? ssl_last_error : "SSL negotiation
failed";
/* need to validate host names? */
if (!(flags & NET_NOVALIDATECERT) &&
-@@ -626,7 +637,14 @@ long ssl_sout (SSLSTREAM *stream,char
*string,unsigned
- /* until request satisfied */
- for (i = 0; size > 0; string += i,size -= i)
- /* write as much as we can */
-- if ((i = SSL_write (stream->con,string,(int) min
(SSLBUFLEN,size))) < 0) {
-+ do {
-+ i = SSL_write (stream->con,string,(int) min (SSLBUFLEN,size));
-+ } while ((i == -1 &&
-+ SSL_get_error(stream->con, i) == SSL_ERROR_SYSCALL &&
errno == EINTR) ||
-+ (i < 0 &&
-+ (SSL_get_error(stream->con, i) == SSL_ERROR_WANT_READ ||
-+ SSL_get_error(stream->con, i) == SSL_ERROR_WANT_WRITE)));
-+ if (i < 0) {
- if (tcpdebug) {
- char tmp[MAILTMPLEN];
- sprintf (tmp,"SSL data write I/O error %d SSL error %d",
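Review bot: The handshake loop kept in ssl_start_work still retries SSL_write immediately on SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE, with no wait on the descriptor and no upper bound, which is the same shape as the ssl_sout loop this hunk removes as a suspected tight loop. The debug output earlier in the thread (`SSL_get_error: 3`, i.e. SSL_ERROR_WANT_WRITE) suggests this branch is actually taken, so a peer that stalls mid-handshake could presumably keep the client spinning; a retry cap or a select()/poll() on the socket before retrying would bound it. Separately, SSL_get_error is evaluated up to three times per pass; storing the result once inside the loop body, e.g. `ssl_why = SSL_get_error(stream->con, ssl_err);`, and comparing `ssl_why` in the condition would be easier to read. ssl_start_work begins and ends outside the hunk.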