Bug 1290043 - mailx always fails smtp send when -S ssl-verify=strict
mailx always fails smtp send when -S ssl-verify=strict
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: mailx (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Nikola Forró
Robin Hack
: EasyFix, Patch
Depends On:
Blocks: 1298243 1400961 1290072 1296536 1380364 1393870
  Show dependency treegraph
Reported: 2015-12-09 09:46 EST by Martin Poole
Modified: 2017-08-01 12:08 EDT (History)
4 users (show)

See Also:
Fixed In Version: mailx-12.5-14.el7
Doc Type: Bug Fix
Doc Text:
Cause: There was a bug in nss_check_host function returning failure when matching SAN hostname was found in certificate. Consequence: mailx with strict SSL verification enabled failed to connect to a server with SAN hostname in certificate. Fix: nss_check_host function was fixed to return proper value. Result: mail with strict SSL verification is now able to connect to a server with SAN hostname in certificate.
Story Points: ---
Clone Of:
: 1290072 1296536 (view as bug list)
Last Closed: 2017-08-01 12:08:38 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
nss_check_host fix (661 bytes, patch)
2016-01-07 08:01 EST, Nikola Forró
no flags Details | Diff

  None (edit)
Description Martin Poole 2015-12-09 09:46:19 EST
Description of problem:

mailx always fails when attempting to perform an SMTP send to a secure server if strict verification is set, regardless of nss-config-dir contents.

Version-Release number of selected component (if applicable):

How reproducible:


Steps to Reproduce:

mailx -S smtp=smtps://smtp.example.com:465 \
     -S ssl-verify=strict \
     -S nss-config-dir=/etc/pki/nssdb \
     -s 'Testing secure send' \

Actual results:

Resolving host smtp.example.com . . . done.
Connecting to . . . connected.
Comparing DNS name: "smtp.example.com"
"/home/joe/dead.letter" 14/382
. . . message not sent.

Expected results:

mail should be sent.

Additional info:

Send fails regardless of contents of nss db in referenced directory.
Comment 4 Nikola Forró 2016-01-07 08:01 EST
Created attachment 1112441 [details]
nss_check_host fix
Comment 14 errata-xmlrpc 2017-08-01 12:08:38 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.