Bug 1396209

Summary: Backport IRC/PostgreSQL/LMTP/NNTP/Sieve/LDAP support for OpenSSL's s_client
Product: Red Hat Enterprise Linux 7 Reporter: Robert Scheck <redhat-bugzilla>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact: Stefan Dordevic <sdordevi>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 7.3CC: akjain, akostadi, robert.scheck, sdordevi, szidek, tmraz
Target Milestone: rcKeywords: OtherQA, Patch
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: openssl-1.0.2k-4.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 18:16:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
openssl-1.0.1e-s_client-lmtp.patch
none
openssl-1.0.2k-s_client-starttls.patch tmraz: review+

Description Robert Scheck 2016-11-17 17:42:52 UTC 
Description of problem:
Please backport LMTP support (RFC 2033) for OpenSSL's s_client (once it is
upstream): https://github.com/openssl/openssl/pull/1945

When working often with mail servers, remote LMTP servers sometimes require
STARTTLS which is right now not supported in OpenSSL's client, thus debugging
or testing such setups is harder without that feature.

Version-Release number of selected component (if applicable):
openssl-1.0.1e-60.el7.x86_64

Actual results:
No LMTP support in OpenSSL's s_client.

Expected results:
LMTP support in OpenSSL's s_client... ;-)
Comment 1 Robert Scheck 2016-11-17 17:45:35 UTC 
Created attachment 1221614 [details]
openssl-1.0.1e-s_client-lmtp.patch

My proposal for backporting the feature to OpenSSL in RHEL 7.
Comment 2 Robert Scheck 2016-11-17 17:49:40 UTC 
Cross-filed case 01742481 on Red Hat customer portal.
Comment 4 Robert Scheck 2017-03-07 21:51:41 UTC 
Created attachment 1260998 [details]
openssl-1.0.2k-s_client-starttls.patch

Given I am not able to access the openssl-1.0.2k-1.el7 mentioned in
bug #1276310 this patch is created against a vanilla OpenSSL 1.0.2k.
Comment 5 Tomas Mraz 2017-03-08 08:30:39 UTC 
I suppose you are willing to test the patched openssl if we provide it to you through the customer portal case?
Comment 7 Robert Scheck 2017-03-08 09:19:54 UTC 
Tomas, indeed. I am also willing to rebase my patch if a SRPM is provided.
Comment 8 Tomas Mraz 2017-03-08 10:49:18 UTC 
That's trivial, I'll take care of that.
Comment 13 Robert Scheck 2017-03-15 14:58:45 UTC 
I successfully tested XMPP-Server/IRC/PostgreSQL/LMTP/NNTP/Sieve/LDAP using
openssl-1.0.2k-4.el7 against at least 2 servers/daemons per before mentioned
protocol (to achieve both, a successful STARTTLS and also a failed one). The
testing result matches my tests that I did with upstream/master (1.1.x).
Comment 14 Tomas Mraz 2017-03-15 15:41:28 UTC 
Great, thank you.
Comment 17 errata-xmlrpc 2017-08-01 18:16:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1929