Bug 3422

Summary: starttls starts too early when using client certificates
Product: Claws Mail (GTK 2)
Reporter: darix <claws>
Component: SMTP
Assignee: users
Status: NEW ---    
Severity: normal    
Priority: P3    
Version: other   
Hardware: PC   
OS: Linux   

Description darix 2015-04-27 12:00:48 UTC
The Postfix submission port is set to enforce encryption and require a client cert. It works if you disable the client cert in Postfix and on the client. claws-mail has a PKCS#12 file set up for sending and retrieving. The IMAP part works nicely.

On the sending side you run into an SSL error. With debug you get:

```
ssl.c:247:SSL_connect thread returned -50
** (claws-mail:19632): WARNING **: SSL connection failed (The request is invalid.)
** (claws-mail:19632): WARNING **: couldn't start TLS session.
** (claws-mail:19632): WARNING **: [02:02:00] couldn't start TLS session
(claws-mail:19632): Claws-Mail-WARNING **: send: error: 220 2.0.0 Ready to start TLS
** (claws-mail:19632): WARNING **: [02:02:00] Error occurred while sending the message.
session.c:363:session (0xe58d10): closed
session.c:237:session (0xe58d10): destroyed
```

To me it looks like it doesn't wait for the STARTTLS ack from the server but starts right away.

Tested the setup with gnutls-cli/openssl s_client/msmtp and all work as expected.

Comment 1 darix 2015-05-21 18:48:47 UTC
JFYI: It is not required for the server to require the client cert. Just configuring one is enough to trigger the bug.
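
The ordering the report suspects is being skipped, as an added example that is not part of the bug report and not Claws Mail code: after sending STARTTLS, a client should hand the socket to the TLS layer only once the complete `220` reply has been read. The function names and sample byte strings are constructed for illustration.

```python
# Added illustration, not Claws Mail code; names and sample bytes are constructed.
import re

_LINE = re.compile(rb"^(\d{3})(?:([ -])(.*))?$")

class ReplyError(Exception):
    """Raised when the server's bytes are not a well-formed SMTP reply."""

def parse_reply(buf: bytes):
    """Parse one SMTP reply from the front of buf.

    Returns (code, text_lines, rest) once a complete reply is buffered, or
    None when more bytes are needed. Multi-line replies use "250-" on
    continuation lines and "250 " on the final line.
    """
    lines, pos, code = [], 0, None
    while True:
        end = buf.find(b"\r\n", pos)
        if end < 0:
            return None                       # partial line: keep reading
        m = _LINE.match(buf[pos:end])
        if not m:
            raise ReplyError("malformed reply line")
        if code is not None and m.group(1) != code:
            raise ReplyError("reply code changed mid-reply")
        code = m.group(1)
        lines.append((m.group(3) or b"").decode("ascii", "replace"))
        pos = end + 2
        if m.group(2) != b"-":                # no hyphen: this was the last line
            return int(code), lines, buf[pos:]

def may_start_tls(buf: bytes) -> str:
    """Decide what to do with the bytes received after sending STARTTLS.

    "wait"      reply incomplete; do not start the handshake yet
    "handshake" complete 220 reply and nothing buffered after it
    "abort"     any other reply code, or plaintext trailing the 220
    """
    reply = parse_reply(buf)
    if reply is None:
        return "wait"
    code, _, rest = reply
    if code != 220 or rest:
        return "abort"
    return "handshake"
```

Trailing bytes after the `220` line are treated as an error here so that plaintext received before the handshake is never interpreted inside the encrypted session.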