Bug 3422 - starttls starts too early when using client certificates
Status: NEW
Alias: None
Product: Claws Mail (GTK 2)
Classification: Unclassified
Component: SMTP
Version: other
Hardware: PC Linux
Importance: P3 normal
Assignee: users
Reported: 2015-04-27 10:00 UTC by darix
Modified: 2015-05-21 16:48 UTC

Description darix 2015-04-27 10:00:48 UTC
Postfix submission port is set to enforce encryption and require a client cert. It works if you disable the client cert in postfix and on the client. claws-mail has a PKCS#12 file set up for sending and retrieving. The IMAP part works nicely.

On the sending side you run into an SSL error. With debug you get:

```
ssl.c:247:SSL_connect thread returned -50
** (claws-mail:19632): WARNING **: SSL connection failed (The request is invalid.)
** (claws-mail:19632): WARNING **: couldn't start TLS session.
** (claws-mail:19632): WARNING **: [02:02:00] couldn't start TLS session
(claws-mail:19632): Claws-Mail-WARNING **: send: error: 220 2.0.0 Ready to start TLS
** (claws-mail:19632): WARNING **: [02:02:00] Error occurred while sending the message.
session.c:363:session (0xe58d10): closed
session.c:237:session (0xe58d10): destroyed
```

To me it looks like it doesn't wait for the starttls ack from the server but starts right away.

Tested the setup with gnutls-cli/openssl s_client/msmtp and all work as expected.

Comment 1 darix 2015-05-21 16:48:47 UTC
JFYI: It is not required for the server to require the client cert. Just configuring one is enough to trigger the bug.
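
The ordering a client has to keep around STARTTLS (RFC 3207), as an added example that is not Claws Mail code and not part of the report: the TLS handshake may begin only once the complete 220 reply to STARTTLS has been read. The function names and the sample EHLO reply are constructed for this example, and aborting on plaintext that trails the 220 is a strict choice assumed here.

```python
import re

# One SMTP reply line: 3-digit code, then "-" (more lines follow) or " " (last line).
_LINE = re.compile(rb"^(\d{3})(?:([ -])(.*))?$")

def read_reply(buf):
    """Parse one complete SMTP reply from the start of buf.

    Returns (code, text_lines, remaining_bytes), or None while the final
    line of the reply has not fully arrived."""
    lines, pos = [], 0
    while True:
        end = buf.find(b"\r\n", pos)
        if end < 0:
            return None
        m = _LINE.match(buf[pos:end])
        if not m:
            raise ValueError("malformed SMTP reply line")
        lines.append((m.group(3) or b"").decode("ascii", "replace"))
        pos = end + 2
        if m.group(2) != b"-":
            return int(m.group(1)), lines, buf[pos:]

def offers_starttls(ehlo_lines):
    """True if an EHLO reply (first line is the greeting) lists STARTTLS."""
    return any(line.strip().upper() == "STARTTLS" for line in ehlo_lines[1:])

def next_step(received_after_starttls):
    """Decide what to do with the bytes received after sending STARTTLS.

    "wait"      -> reply incomplete; starting the handshake now is too early
    "handshake" -> complete 220 with nothing buffered behind it
    "abort"     -> any other reply code, or plaintext trailing the 220
    """
    reply = read_reply(received_after_starttls)
    if reply is None:
        return "wait"
    code, _, rest = reply
    return "handshake" if code == 220 and not rest else "abort"

# Constructed sample EHLO reply (hypothetical host name).
EHLO_REPLY = (b"250-mail.example.org\r\n250-PIPELINING\r\n"
              b"250-STARTTLS\r\n250 8BITMIME\r\n")
```
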
