Bug 1557574

| Field | Value |
|---|---|
| Summary | Add SSL support to Net::SMTP Perl module |
| Product | Red Hat Enterprise Linux 7 |
| Component | perl |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | unspecified |
| Version | 7.4 |
| Target Milestone | rc |
| Target Release | --- |
| Hardware | x86_64 |
| OS | Linux |
| Reporter | Rajesh Dulhani <rdulhani> |
| Assignee | perl-maint-list |
| QA Contact | Martin Kyral <mkyral> |
| Docs Contact | Lenka Špačková <lkuprova> |
| CC | bgollahe, bnater, djez, jorton, mkyral, ppisar |
| Keywords | FutureFeature, Patch |
| Fixed In Version | perl-5.16.3-293.el7 |
| Doc Type | Release Note |
| Story Points | --- |
| Last Closed | 2018-10-30 10:54:53 UTC |
| Type | Bug |
| Bug Depends On | 1571850, 1572546 |
| Bug Blocks | 1549616, 1551025 |

Doc Text:

The *Net::SMTP* Perl module now supports SSL

This update adds support for implicit and explicit TLS and SSL encryption to the *Net::SMTP* Perl module. As a result, it is now possible to communicate with SMTP servers through a secured channel.

Description
Rajesh Dulhani
2018-03-16 22:45:13 UTC
Perl 5.16.3 delivers Net::SMTP 2.31. The next stable Perl that delivers Net::SMTP ≥ 2.35 is Perl 5.22.0. I cannot rebase Perl because it has a different ABI. I will investigate whether I can port SSL support back to the existing Net::SMTP module in the perl package.

The SSL support was added in the libnet-1.28 CPAN distribution <http://cpansearch.perl.org/src/SHAY/libnet-3.11/Changes> with commit <https://github.com/steve-m-hay/perl-libnet/commit/b4a7a274a7fe5344c154abc4b3fdd7c446d36370> (merge commit <https://github.com/steve-m-hay/perl-libnet/commit/c274b798e6881a941d941808c6d89966975cb8c8>).

In the meantime, please consider using Perl 5.24 from Red Hat Software Collections <https://access.redhat.com/documentation/en-us/red_hat_software_collections/2/html/2.3_release_notes/chap-rhscl#sect-RHSCL-Changes-perl>.

Created attachment 1411231
1/4 Upstream patch ported to perl-5.16.3

Created attachment 1411232
2/4 Upstream patch ported to perl-5.16.3

Created attachment 1411233
3/4 Upstream patch ported to perl-5.16.3

Created attachment 1411234
4/4 Upstream patch ported to perl-5.16.3

The attached patchset adds SSL support to the Net::SMTP Perl module as delivered in the perl package. We recommend using it with updated perl-IO-Socket-SSL (bug #1402588) that uses the system CA certificate store by default.

How to test:

(1) Start an SMTP server with implicit and explicit SSL support. Or you can use the openssl tool to some extent:

```
$ openssl s_server -accept 465 -CAfile ca -cert ca -key key
```

(2) Use Net::SMTP with implicit SSL:

```
$ perl -MNet::SMTP -e '$s=Net::SMTP->new(q{localhost}, SSL =>1); print qq{Exception: $@\n}; print $s->domain, qq{\n}'
Exception: SSL connect attempt failed with unknown error error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Can't call method "domain" on an undefined value at -e line 1.
```

This must fail because the client does not know the "ca" authority.

(3) Pass a file name with the "ca" authority:

```
$ perl -MNet::SMTP -e '$s=Net::SMTP->new(q{localhost}, SSL =>1, SSL_ca_file => q{/tmp/ca}); print qq{Exception: $@\n}; print $s->domain, qq{\n}'
```

and send this text from the SSL server:

```
200 foo
```

And then after the server sends EHLO message:

```
200 bar
```

The client should succeed and report "foo" as a server identifier:

```
$ perl -MNet::SMTP -e '$s=Net::SMTP->new(q{localhost}, SSL =>1, SSL_ca_file => q{/tmp/ca}); print qq{Exception: $@\n}; print $s->domain, qq{\n}'
Exception:
foo
```

(4) Perform tests with explicit SSL (STARTTLS). You would need a real SMTP server or something better than the openssl tool:

```
$ perl -MNet::SMTP -e '$s=Net::SMTP->new(q{smtp.corp.redhat.com}, Debug => 1); $s->starttls() or die qq{Exception: $@\n}; print $s->verify(q{ppisar}), qq{\n}'
Net::SMTP>>> Net::SMTP(2.31)
Net::SMTP>>> Net::Cmd(2.29)
Net::SMTP>>> Exporter(5.68)
Net::SMTP>>> IO::Socket::INET(1.33)
Net::SMTP>>> IO::Socket(1.34)
Net::SMTP>>> IO::Handle(1.33)
Net::SMTP=GLOB(0x1e2c468)<<< 220 smtp.corp.redhat.com ESMTP Postfix
Net::SMTP=GLOB(0x1e2c468)>>> EHLO localhost.localdomain
Net::SMTP=GLOB(0x1e2c468)<<< 250-smtp.corp.redhat.com
Net::SMTP=GLOB(0x1e2c468)<<< 250-PIPELINING
Net::SMTP=GLOB(0x1e2c468)<<< 250-SIZE 30000000
Net::SMTP=GLOB(0x1e2c468)<<< 250-VRFY
Net::SMTP=GLOB(0x1e2c468)<<< 250-ETRN
Net::SMTP=GLOB(0x1e2c468)<<< 250-STARTTLS
Net::SMTP=GLOB(0x1e2c468)<<< 250-ENHANCEDSTATUSCODES
Net::SMTP=GLOB(0x1e2c468)<<< 250-8BITMIME
Net::SMTP=GLOB(0x1e2c468)<<< 250 DSN
Net::SMTP=GLOB(0x1e2c468)>>> STARTTLS
Net::SMTP=GLOB(0x1e2c468)<<< 220 2.0.0 Ready to start TLS
Net::SMTP::_SSL=GLOB(0x1e2c468)>>> EHLO localhost.localdomain
Net::SMTP::_SSL=GLOB(0x1e2c468)<<< 250-smtp.corp.redhat.com
Net::SMTP::_SSL=GLOB(0x1e2c468)<<< 250-PIPELINING
Net::SMTP::_SSL=GLOB(0x1e2c468)<<< 250-SIZE 30000000
Net::SMTP::_SSL=GLOB(0x1e2c468)<<< 250-VRFY
Net::SMTP::_SSL=GLOB(0x1e2c468)<<< 250-ETRN
Net::SMTP::_SSL=GLOB(0x1e2c468)<<< 250-ENHANCEDSTATUSCODES
Net::SMTP::_SSL=GLOB(0x1e2c468)<<< 250-8BITMIME
Net::SMTP::_SSL=GLOB(0x1e2c468)<<< 250 DSN
Net::SMTP::_SSL=GLOB(0x1e2c468)>>> VRFY ppisar
Net::SMTP::_SSL=GLOB(0x1e2c468)<<< 252 2.0.0 ppisar
1
```

Here you can see the VRFY command is used after a successful TLS upgrade. That also means that Net::SMTP verified the server's certificate. Otherwise it would die before. Do not use the domain() method because it will reuse the answer from the first answer before STARTTLS.

A notice for testing. The SSL support is optional, thus perl(IO::Socket::SSL) must be installed. Otherwise an error like "To use SSL please install IO::Socket::SSL at /usr/share/perl5/Net/SMTP.pm line 218." is emitted.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:3183
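
An added example, not part of the bug report or the attached patchset: a Perl helper that opens an SMTP session in either of the two modes tested above and refuses to continue unless the channel is encrypted and the certificate verified. The helper name `smtp_secure` and its `ca_file`/`port` parameters are hypothetical; `SSL`, `SSL_ca_file` and `starttls()` are used as in the test steps, while `supports()` and `SSL_verify_mode` are existing Net::SMTP and IO::Socket::SSL interfaces.

```perl
#!/usr/bin/perl
# Added example: encrypted, certificate-verified SMTP session or no session.
use strict;
use warnings;
use Net::SMTP;

# smtp_secure() is a hypothetical helper. $mode is 'implicit' (TLS from the
# first byte, usually port 465) or 'starttls' (upgrade of a plain session).
sub smtp_secure {
    my ($host, $mode, %opt) = @_;

    # SSL support is optional in Net::SMTP, so fail early and clearly.
    eval { require IO::Socket::SSL; 1 }
        or die "IO::Socket::SSL is required for TLS\n";

    # Options handed through to IO::Socket::SSL. Peer verification is
    # requested explicitly instead of relying on the installed default.
    my %tls = (SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_PEER());
    $tls{SSL_ca_file} = $opt{ca_file} if defined $opt{ca_file};

    if ($mode eq 'implicit') {
        my $smtp = Net::SMTP->new($host, Port => $opt{port} || 465,
                                  SSL => 1, %tls)
            or die "TLS connect to $host failed: $@\n";
        return $smtp;
    }

    my $smtp = Net::SMTP->new($host, Port => $opt{port} || 25)
        or die "connect to $host failed: $@\n";
    # supports() returns an empty but defined string for STARTTLS, so test
    # with defined(). Never fall back to clear text if it is missing.
    unless (defined $smtp->supports('STARTTLS')) {
        $smtp->quit;
        die "$host does not advertise STARTTLS\n";
    }
    $smtp->starttls(%tls)
        or die "STARTTLS with $host failed: $@\n";
    return $smtp;
}

my ($host, $mode, $ca_file) = @ARGV;
die "usage: $0 HOST implicit|starttls [CA_FILE]\n" unless $host && $mode;
my $smtp = smtp_secure($host, $mode, ca_file => $ca_file);
# The debug trace in step (4) shows the handle class after the upgrade.
printf "%s session with %s established\n", ref $smtp, $host;
$smtp->quit;
```

Run against the `openssl s_server` setup from step (1) with an untrusted CA, the `implicit` mode dies with the certificate verification error shown in step (2).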