Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2007/01/01 14:37:12 UTC

[Bug 5265] New: spamc using SSL gets error "SSL2_READ_INTERNAL:bad mac decode" on some platforms

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5265

           Summary: spamc using SSL gets error "SSL2_READ_INTERNAL:bad mac
                    decode" on some platforms
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P5
         Component: spamc/spamd
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: sidney@sidney.com


I don't know if this will happen on all such systems, but on my Intel MacBook
running Mac OS 10.4.8 I get this error when attempting to use spamc/spamd with
SSL. This does cause make test to fail on all the SSL tests.

I tracked this down to a problem with the SSL protocol version specified by
spamc and spamd. In libspamc.c, spamc opens a client socket specifying SSLv2
protocol. In spamd, the server socket is created listening using the default
SSLv23 protocol.

According to OpenSSL documentation there should be no problem with an SSLv23
server talking to an SSLv2 client, but on my MacBook it is not working. Searching
around, I see that common practice is to use SSLv23 on both client and server
when one wants to maximize the probability that different machines will talk to
each other. SSLv23 is a special pseudo-version that says that the client starts
with a version 2 hello, but both client and server advertise that they are
willing to talk using SSLv3 or TLSv1. The problem I am seeing is that on my
system OpenSSL SSLv23 server is not talking to an SSLv2 client, despite the
documentation saying that it should.

The other common practice I see is for programs to have options to specify a
specific protocol because apparently problems like this are not uncommon. Being
able to specify a particular protocol provides a workaround for those situations.

I propose adding an option to spamd --ssl-version=xxx where 'xxx' is one of
sslv2, sslv23, sslv3, tlsv1 and defaults to sslv23; and adding an optional
argument to the --ssl option of spamc so that you can say --ssl=xxx with the
same default and values as spamd's --ssl-version. I'm reusing --ssl to avoid
adding a new long option to spamc because its getopt requires assigning a
one-character option for each one and we are running low on available letters.

I'm preparing a patch to submit which implements the options and adds test cases
for them.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
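
Added example, not part of the bug report and not code from spamc, spamd or OpenSSL: a small C model of the version negotiation the report relies on, following the behaviour the OpenSSL documentation of that era describes for fixed-version and SSLv23 methods. The names `method_by_name` and `negotiate` are hypothetical; the option values and the sslv23 default are the ones proposed above.

```c
#include <stdio.h>
#include <string.h>

/* Protocol versions, ordered so that a larger value is a newer protocol. */
enum proto { P_NONE = 0, P_SSL2 = 1, P_SSL3 = 2, P_TLS1 = 3 };
/* name: option value; hello: hello format a client using the method sends;
   offers: bitmask of the versions that side is willing to speak. */
struct method { const char *name; enum proto hello; unsigned offers; };

#define BIT(p) (1u << (p))
/* Constructed table modelling the documented behaviour (an assumption). */
static const struct method METHODS[] = {
    { "sslv2",  P_SSL2, BIT(P_SSL2) },
    { "sslv23", P_SSL2, BIT(P_SSL2) | BIT(P_SSL3) | BIT(P_TLS1) },
    { "sslv3",  P_SSL3, BIT(P_SSL3) },
    { "tlsv1",  P_TLS1, BIT(P_TLS1) },
};

/* Look up an option value; NULL selects the default, sslv23.
   Unknown values return NULL so the caller can refuse to start. */
const struct method *method_by_name(const char *name)
{
    size_t i;
    if (name == NULL) name = "sslv23";
    for (i = 0; i < sizeof METHODS / sizeof METHODS[0]; i++)
        if (strcmp(METHODS[i].name, name) == 0) return &METHODS[i];
    return NULL;
}

/* Newest version both sides accept, or P_NONE if no handshake is possible. */
enum proto negotiate(const char *client, const char *server)
{
    const struct method *c = method_by_name(client), *s = method_by_name(server);
    unsigned common;
    int p;
    if (c == NULL || s == NULL) return P_NONE;
    /* A fixed-version server only parses its own hello format; an sslv23
       server parses all of them. */
    if (!(s->offers & BIT(c->hello))) return P_NONE;
    common = c->offers & s->offers;
    for (p = P_TLS1; p >= P_SSL2; p--)
        if (common & BIT(p)) return (enum proto)p;
    return P_NONE;
}

int main(void)
{
    printf("%d\n", (int)negotiate("sslv2", NULL)); /* the pairing in the report */
    return 0;
}
```

Under this model the pairing from the report (sslv2 client, default sslv23 server) should settle on SSLv2, while an sslv23 client cannot reach a server pinned to sslv3 or tlsv1 because its first message is a version 2 hello.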

[Bug 5265] spamc using SSL gets error "SSL2_READ_INTERNAL:bad mac decode" on some platforms

Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5265


sidney@sidney.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




------- Additional Comments From sidney@sidney.com  2007-01-01 07:42 -------
Committed revision 491592.





[Bug 5265] spamc using SSL gets error "SSL2_READ_INTERNAL:bad mac decode" on some platforms

Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5265





------- Additional Comments From sidney@sidney.com  2007-01-01 07:40 -------
Created an attachment (id=3806)
 --> (http://issues.apache.org/SpamAssassin/attachment.cgi?id=3806&action=view)
Add the new options to spamd and spamc. Make the default sslv23. Add new test
cases





[Bug 5265] spamc using SSL gets error "SSL2_READ_INTERNAL:bad mac decode" on some platforms

Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5265





------- Additional Comments From sidney@sidney.com  2007-01-01 15:11 -------
Updated spamc man page and spamd perldoc to document these new options

Committed revision 491679.





[Bug 5265] spamc using SSL gets error "SSL2_READ_INTERNAL:bad mac decode" on some platforms

Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5265





------- Additional Comments From sidney@sidney.com  2007-01-01 07:50 -------
The patch has a typo in MANIFEST, t/spamd_tls.t should have been t/spamd_ssl_tls.t

Fix was committed revision 491593.



