You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2007/01/01 14:37:12 UTC
[Bug 5265] New: spamc using SSL gets error "SSL2_READ_INTERNAL:bad mac decode" on some platforms
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5265
Summary: spamc using SSL gets error "SSL2_READ_INTERNAL:bad mac
decode" on some platforms
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P5
Component: spamc/spamd
AssignedTo: dev@spamassassin.apache.org
ReportedBy: sidney@sidney.com
I don't know if this will happen on all such systems, but on my Intel MacBook
running Mac OS 10.4.8 I get this error when attempting to use spamc/spamd with
SSL. This does cause make test to fail on all the SSL tests.
I tracked this down to a problem with the SSL protocol version specified by
spamc and spamd. In libspamc.c, spamc opens a client socket specifying SSLv2
protocol. In spamd, the server socket is created listening using the default
SSLv23 protocol.
According to OpenSSL documentation there should be no problem with a SSLV23
server talking to a SSLV2 client, but on my MacBook it is not working. Searching
around, I see that common practice is to use SSLv23 on both client and server
when one wants to maximize the probability that different machines will talk to
each other. SSLv23 is a special pseudo-version that says that the client starts
with a version 2 hello, but both client and server advertise that they are
willing to talk using SSLv3 or TLSv1. The problem I am seeing is that on my
system OpenSSL SSLv23 server is not talking to a SSLv2 client, despite the
documentation saying that it should.
The other common practice I see is for programs to have options to specify a
specific protocol because apparently problems like this are not uncommon. Being
able to specify a particular protocol provides a workaround for those situations.
I propose adding an option to spamd --ssl-version=xxx where 'xxx' is one of
sslv2, sslv23, sslv3, tlsv1 and defaults to sslv23; and adding an optional
argument to the --ssl option of spamc so that you can say --ssl=xxx with the
same default and values as spamd's --ssl-version. I'm reusing --ssl to avoid
adding a new long option to spamc because it's getopt requires assigning a
one-character option for each one and we are running low on available letters.
I'm preparing a patch to submit which implements the options and adds test cases
for them.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5265] spamc using SSL gets error "SSL2_READ_INTERNAL:bad mac decode" on some platforms
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5265
sidney@sidney.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From sidney@sidney.com 2007-01-01 07:42 -------
Committed revision 491592.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5265] spamc using SSL gets error "SSL2_READ_INTERNAL:bad mac decode" on some platforms
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5265
------- Additional Comments From sidney@sidney.com 2007-01-01 07:40 -------
Created an attachment (id=3806)
--> (http://issues.apache.org/SpamAssassin/attachment.cgi?id=3806&action=view)
Add the new options to spamd and spamc. Make the defaul sslv23. Add new test
cases
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5265] spamc using SSL gets error "SSL2_READ_INTERNAL:bad mac decode" on some platforms
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5265
------- Additional Comments From sidney@sidney.com 2007-01-01 15:11 -------
Updated spamc man page and spamd perldoc to document these new options
Committed revision 491679.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5265] spamc using SSL gets error "SSL2_READ_INTERNAL:bad mac decode" on some platforms
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5265
------- Additional Comments From sidney@sidney.com 2007-01-01 07:50 -------
The patch has a typo in MANIFEST, t/spamd_tls.t should have been t/spamd_ssl_tls.t
Fix was committed revision 491593.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.