This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 503881 - fetchmail emits pointless 'Invalid SSL protocol' error message when it isn't in actual fact an error
fetchmail emits pointless 'Invalid SSL protocol' error message when it isn't ...
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: fetchmail (Show other bugs)
11
All Linux
low Severity medium
: ---
: ---
Assigned To: Vitezslav Crhonek
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-06-03 03:16 EDT by JW
Modified: 2010-04-28 05:56 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-04-28 05:56:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
fetchmailrc (106 bytes, text/plain)
2009-07-22 07:26 EDT, Vitezslav Crhonek
no flags Details
fetchmail_v.txt (2.10 KB, text/plain)
2009-07-22 07:26 EDT, Vitezslav Crhonek
no flags Details
fetchmail_v_nosyslog.txt (1.47 KB, text/plain)
2009-07-22 07:27 EDT, Vitezslav Crhonek
no flags Details
printenv.txt (2.37 KB, text/plain)
2009-07-22 07:27 EDT, Vitezslav Crhonek
no flags Details
fetchmail SVN changeset 5109 to fix sslproto "" complaints in POP3 (2.02 KB, patch)
2009-07-22 15:47 EDT, Matthias Andree
no flags Details | Diff

  None (edit)
Description JW 2009-06-03 03:16:27 EDT
Description of problem:
In some circumstances fetchmail will override user supplied sslproto and assign an empty string to the internal sslproto variable.  However, fetchmail then treats the empty string as though it was an assigned value rather than NULL and emits a pointless error message.

Version-Release number of selected component (if applicable):
fetchmail-6.3.9-3.fc11

How reproducible:
Always

Steps to Reproduce:
1. create pop3 fetchmail configuration with ssl enabled (sslproto setting seems to be ignored).
2. poll the pop3 account
  
Actual results:
fetchmail writes to stderr: Invalid SSL protocol '' specified, using default (SSLv23).

Expected results:
Nothing should be written to stderr


Additional info:
In socket.c near the string "ssl23" the following lines could be added:
                } else if (!strcasecmp("",myproto)) {
                        myproto = NULL;
Comment 1 Vitezslav Crhonek 2009-06-04 07:14:51 EDT
Reproduced.

Could you please attach your original fetchmailrc (with erased passwords and login, everything else unchanged)? Thanks in advance.
Comment 2 JW 2009-06-08 20:33:40 EDT
fetchmail config is:

defaults
     protocol pop3
     password XXXX
     is XXXX
     no keep
     no mimedecode
     ssl
     sslfingerprint "XXXX"
     sslcertck
     sslcertpath /etc/pki/tls/certs
poll pop3.live.com
     username XXXX@hotmail.com
Comment 3 Matthias Andree 2009-06-14 05:58:36 EDT
Hi JW,

I'm the upstream fetchmail maintainer.

Could you show the command line you're calling fetchmail with and double-check that this is the same configuration that gives you the problem?

While I do believe that you're seeing the problem, I cannot reproduce this with your configuration and just "fetchmail" or "fetchmail -v".

(I'm testing this on openSUSE 11.1, so I'd changed sslcertpath to /etc/ssl/certs and pasted the actual sslfingerprint of pop3.live.com. Password and Login shouldn't matter for the problem to show though).

Can you also verify with "type -a fetchmail" if you're not accidentally using an older version in /usr/local/bin or such effects?

Thank you.

Best regards
Matthias
Comment 4 JW 2009-06-14 10:14:36 EDT
> Could you show the command line you're calling fetchmail with and double-check
> that this is the same configuration that gives you the problem?
> While I do believe that you're seeing the problem, I cannot reproduce this with
> your configuration and just "fetchmail" or "fetchmail -v".

You may need to use the "--nosyslog" arg or check your syslog for the erroneous message.

In any case, I have patched my version of fetchmail (as outlined) and it eliminates the erroneous message.
Comment 5 Matthias Andree 2009-06-15 02:58:45 EDT
Hi JW,

--nosyslog does not help here with this configuration:

defaults
     protocol pop3
     password XXXX
     is XXXX
     no keep
     no mimedecode
     ssl
     sslfingerprint "D0:3C:4D:59:F6:95:37:59:EA:A9:5D:4C:CE:D3:2A:A1"
     sslcertck
     sslcertpath /etc/ssl/certs
poll pop3.live.com
     username XXX@hotmail.de


While I see that your patch removes the message, it's a cosmetic fix to a different problem. I'd like to identify and fix that rather than mask the error.

What is your command line?
What is different between your and my configurations?
(password ..., is ... and username shouldn't matter, the problem appears during SSL negotiation, i. e. before the credentials are submitted).

(I've also been testing with the Fedora 11 .src.rpm to avoid version skew.)

Thanks in advance.
Comment 6 JW 2009-06-15 08:00:02 EDT
My command-line is quite simple - it just does "fetchmail --nosyslog -f configfile".

From what I can see in the source code there appears to be various places where the code deliberately zaps "sslproto" configuration setting and sets the sslproto field to xstrdup("") for some reason.  But in the relevant portion of code the test is always for sslproto being NULL and never an empty string.

Why?

Surely it would make sense to test for sslproto being an empty string and allow that without emitting an error message.
Comment 7 Matthias Andree 2009-07-09 04:58:21 EDT
JW, there are two places in pop3.c, but none can be reached with fetchmail 6.3.9 source code and with the given config file (i. e. with ssl enabled), unless there is a hardware error or fetchmail has been miscompiled.

What is the architecture you're using?

A. "ssl" disables the zapping after capa_probe(), as maybe_tls() always returns FALSE

B. the zapping in connection_may_have_tls_errors is also defeated by "ssl".

Since I still cannot reproduce this, and from reading pop3.c and related code still don't see how we get to a point where this happens:

Can either of you who can reproduce this please:

1. provide "fetchmail -V" output

2. provide "fetchmail -v --nosyslog -f configfile" output

3. provide this *full* configfile with just passwords masked? No abbreviations please!

4a. provide the corresponding scripts used to start fetchmail

4b. provide an "env" or "printenv" dump from the shell used to start fetchmail
Comment 8 Matthias Andree 2009-07-21 05:08:43 EDT
I did some more experiments and failed to reproduce the problem.

Vitezslav/JW, is either of you willing to provide me with the details required to debug this, or should we just close the bug report as invalid (miscompilation or whatever)?

I'm very much inclined to purge this report from my upstream TODO list given that I have no further information and reading the code provides me with A and B as shown in comment #7.
Comment 9 Vitezslav Crhonek 2009-07-22 07:18:24 EDT
At the moment I'm able to reproduce it with fetchmail-6.3.8-8.fc10.x86_64 in F-10.

[vcrhonek@norcus ~]$ fetchmail 
Invalid SSL protocol '' specified, using default (SSLv23).
fetchmail: No mail for Vitezslav.Crhonek at pop3.seznam.cz
[vcrhonek@norcus ~]$ rpm -q fetchmail
fetchmail-6.3.8-8.fc10.x86_64

I'll attach required details.
Comment 10 Vitezslav Crhonek 2009-07-22 07:26:03 EDT
Created attachment 354671 [details]
fetchmailrc
Comment 11 Vitezslav Crhonek 2009-07-22 07:26:46 EDT
Created attachment 354672 [details]
fetchmail_v.txt
Comment 12 Vitezslav Crhonek 2009-07-22 07:27:13 EDT
Created attachment 354673 [details]
fetchmail_v_nosyslog.txt
Comment 13 Vitezslav Crhonek 2009-07-22 07:27:38 EDT
Created attachment 354674 [details]
printenv.txt
Comment 14 Matthias Andree 2009-07-22 15:47:45 EDT
Created attachment 354777 [details]
fetchmail SVN changeset 5109 to fix sslproto "" complaints in POP3

This is taken from the fetchmail SVN repository, -c5109, to fix sslproto issues; it appeared in fetchmail release 6.3.9 in November 2008.
Comment 15 Matthias Andree 2009-07-22 15:49:26 EDT
Thank you, Vitezslav, for providing the information. 

I'm sorry to say that 6.3.8 does not qualify, because there were relevant fixes in 6.3.9, and the current version is 6.3.10. 

From 6.3.9's NEWS file:
# BUG FIXES:
* ...
* No longer complain about invalid sslproto "" when POP3 CAPA probe fails.
  Fixes Debian Bug#421446 (Holger Leskien), Novell Bug #247233 (Jon Nelson).
  Thanks to Matthias Strauß for a configuration to reproduce the issue.

Please provide logs of 6.3.9 or 6.3.10. I'm re-enabling the needinfo flag.
Comment 16 Vitezslav Crhonek 2009-07-23 02:48:06 EDT
Sorry Matthias, I knew it bug just unsuspected it.

I'm not able to reproduce it with fetchmail-6.3.9-3.fc11 anymore.

[vcrhonek@azrael2 ~]$ fetchmail 
fetchmail: No mail for Vitezslav.Crhonek at pop3.seznam.cz
[vcrhonek@azrael2 ~]$ rpm -q fetchmail
fetchmail-6.3.9-3.fc11.i586

JW, could you please provide information wanted in comment #7?
Comment 17 Bug Zapper 2010-04-27 10:38:07 EDT
This message is a reminder that Fedora 11 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 11.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '11'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 11's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 11 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 18 Matthias Andree 2010-04-27 12:14:06 EDT
I think this bug was caused by a version skew on the reporter's end. He has probably been using 6.3.8 when he filed the issue, and 6.3.9 contained the relevant fix. I'd propose to close this bug as invalid.
Comment 19 Vitezslav Crhonek 2010-04-28 05:56:21 EDT
Fixed since fetchmail-6.3.9-3.fc11.

Note You need to log in before you can comment on or make changes to this bug.