Re: [msmtp-users] TLS failure

[Ben Gamari <bgamari@...20...>]

grarpamp <grarpamp@...20...> writes:

> This might be because your server is asking for client
> certs and supplying an [long] list of acceptable CA's. And your
> msmtp may be linked to openssl libs which interprets
> that.
> 
ldd indicates that msmtp is linked against gnutls,

    $ ldd /usr/bin/msmtp
            linux-vdso.so.1 =>  (0x00007fff3d5ae000)
            libgnutls-deb0.so.28 => /usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28 (0x00007f3507868000)
            libgsasl.so.7 => /usr/lib/libgsasl.so.7 (0x00007f3507649000)
            libidn.so.11 => /usr/lib/x86_64-linux-gnu/libidn.so.11 (0x00007f3507415000)
            libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3507050000)
            libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f3506e37000)
            libp11-kit.so.0 => /usr/lib/x86_64-linux-gnu/libp11-kit.so.0 (0x00007f3506bf4000)
            libtasn1.so.6 => /usr/lib/x86_64-linux-gnu/libtasn1.so.6 (0x00007f35069e2000)
            libnettle.so.4 => /usr/lib/x86_64-linux-gnu/libnettle.so.4 (0x00007f35067b1000)
            libhogweed.so.2 => /usr/lib/x86_64-linux-gnu/libhogweed.so.2 (0x00007f3506582000)
            libgmp.so.10 => /usr/lib/x86_64-linux-gnu/libgmp.so.10 (0x00007f3506302000)
            libntlm.so.0 => /usr/lib/x86_64-linux-gnu/libntlm.so.0 (0x00007f35060fa000)
            libgssapi_krb5.so.2 => /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 (0x00007f3505eb1000)
            /lib64/ld-linux-x86-64.so.2 (0x00007f3507bb9000)
            libffi.so.6 => /usr/lib/x86_64-linux-gnu/libffi.so.6 (0x00007f3505ca9000)
            libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f3505aa5000)
            libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f3505886000)
            libkrb5.so.3 => /usr/lib/x86_64-linux-gnu/libkrb5.so.3 (0x00007f35055b7000)
            libk5crypto.so.3 => /usr/lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007f3505387000)
            libcom_err.so.2 => /lib/x86_64-linux-gnu/libcom_err.so.2 (0x00007f3505182000)
            libkrb5support.so.0 => /usr/lib/x86_64-linux-gnu/libkrb5support.so.0 (0x00007f3504f77000)
            libkeyutils.so.1 => /lib/x86_64-linux-gnu/libkeyutils.so.1 (0x00007f3504d73000)
            libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f3504b57000)

> And msmtp appears to be considering something
> therein an error instead of continuing with the session
> as raw gnutls/openssl clients would.
> 
I've traced through msmtp with gdb and it's certainly gnutls_handshake
that is causing the failure. In particular it seems to return with
GNUTLS_E_AGAIN which suggests that the underlying connection was
terminated during the handshake.

> Or you're genuinely timing out.
> 
Unless the timeout is extremely aggressive and rather skeptical of this.

Cheers,

- Ben

Attachment: pgpdiyeu4uzGy.pgp
Description: PGP signature