
Hostname verification failed

Open Lerato6221 opened this issue 1 year ago • 6 comments

Hi, I am struggling with this. I get the following error:

    Use of uninitialized value $2 in concatenation (.) or string at /usr/share/perl5/IO/Socket/SSL.pm line 792.
    May 02 11:51:03 kali sendemail[50331]: ERROR => TLS setup failed: hostname verification failed

Please assist.

Lerato6221 avatar May 02 '23 09:05 Lerato6221

Any solution to this, please?

derryb-ke avatar May 14 '23 17:05 derryb-ke

I've started seeing the identical error on my Manjaro Linux with sendEmail.

Danie10 avatar May 20 '23 20:05 Danie10

It seems like sendemail needs a method of disabling TLS certificate validation, so it can be used to send to hosts without valid TLS certs, as in self-generated certificates.

For example, out of the box Debian 12 Bookworm with sendemail and exim4 cannot be used without using the -o tls=no option.

Exim > 4.93~RC1-4 defaults to having TLS on with a self-signed cert. So STARTTLS will be advertised, but the cert is self-signed.

exim4 (4.93~RC1-4) unstable; urgency=low

  * Add libnet-ssleay-perl dependency to "basic" autopkg test. We do not need
    it yet but will forget for sure to add it when we do.
  * Following upstream defaults do not disable incoming TLS by default - i.e.
    if MAIN_TLS_ENABLE is not set - but use a self-signed certificate.
    (Relevant upstream changes: tls_advertise_hosts defaults to * for TLS
    builds since 4.87_JH/18, on-demand generation of self-signed certificate
    for inbound SMTP since 4.88_JH/05, 4.93_JH/23 TLS enabled build by
    default.)

Line 792 of /usr/share/perl5/IO/Socket/SSL.pm (libio-socket-ssl-perl 2.081-2) seems to be a regex looking for a hostname or IP.


    786         if ( $ctx->{verify_name_ref} ) {
    787             # need target name for update
    788             my $host = $arg_hash->{SSL_verifycn_name}
    789                 || $arg_hash->{SSL_hostname};
    790             if ( ! defined $host ) {
    791                 if ( $host = $arg_hash->{PeerAddr} || $arg_hash->{PeerHost} ) {
    792                     $host =~s{^
    793                         (?:
    794                             ([^:\[]+) |    # ipv4|host
    795                             (\[(.*)\])     # [ipv6|host]
    796                         )
    797                         (:[\w\-]+)?        # optional :port
    798                     $}{$1$2}x;             # ipv4|host|ipv6
    799                 }
    800             }
    801             ${$ctx->{verify_name_ref}} = $host;


One way that seems to work to get around this is to tell IO::Socket::SSL to not try to verify the certificate by setting SSL_verify_mode => 0:

        ## Start TLS if possible
        if ($conf{'tls_server'} == 1 and $conf{'tls_client'} == 1 and $opt{'tls'} =~ /^(yes|auto)$/) {
            printmsg("DEBUG => Starting TLS", 2);
            if (SMTPchat('STARTTLS')) { quit($conf{'error'}, 1); }
            if (! IO::Socket::SSL->start_SSL($SERVER, SSL_version => 'SSLv23:!SSLv2', SSL_verify_mode => 0 )) {
                            #SSL_cert_file => '/etc/ssl/certs/ca-certificates.crt' )) {
                quit("ERROR => TLS setup failed: " . IO::Socket::SSL::errstr(), 1);
            }

The docs say to use SSL_VERIFY_NONE instead of 0, but the use of use strict; seems to prevent that from working.

StomproLARL2023 avatar Jul 05 '23 20:07 StomproLARL2023
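Added example, not part of the thread and not sendEmail's or IO::Socket::SSL's own code: it runs the substitution quoted from line 792 on constructed peer addresses to show where the "uninitialized value $2" warning comes from and what name each address yields for certificate verification. The function name `derive_verify_name` and the sample addresses are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: applies the same substitution as the quoted
# IO/Socket/SSL.pm line 792 and returns the derived verification name
# plus the capture variables Perl warned about while building it.
sub derive_verify_name {
    my ($peer) = @_;
    my @undef_vars;
    # Collect warnings instead of printing them to STDERR.
    local $SIG{__WARN__} = sub {
        my ($msg) = @_;
        push @undef_vars, ($msg =~ /uninitialized value (\$\d)/ ? $1 : $msg);
    };
    my $host = $peer;
    $host =~ s{^
        (?:
            ([^:\[]+) |    # ipv4|host
            (\[(.*)\])     # [ipv6|host]
        )
        (:[\w\-]+)?        # optional :port
    $}{$1$2}x;             # only one of $1/$2 is ever defined
    return ($host, @undef_vars);
}

# Constructed sample peer addresses (documentation ranges, not from the thread).
for my $peer ('smtp.example.com:587', '192.0.2.10:25', '[2001:db8::1]:25') {
    my ($name, @vars) = derive_verify_name($peer);
    my $note = @vars ? 'warned about ' . join(', ', @vars) : 'no warning';
    printf "%-22s -> %-18s (%s)\n", $peer, $name, $note;
}
```

The warning is a side effect of deriving the name from `PeerAddr`/`PeerHost`; per the quoted lines 788 to 790, that branch is only reached when the caller passed neither `SSL_verifycn_name` nor `SSL_hostname`.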

Hi,

Since the update on Raspbian bookworm I have the same problem; the identical configuration is working under Raspbian bullseye ...

Thank you

hubertmeier avatar Oct 13 '23 12:10 hubertmeier

This worked for me

  1. uninstall sendemail
  2. apt install apt-transport-https libio-socket-inet6-perl -y
  3. curl 'http://ftp.cn.debian.org/debian/pool/main/s/sendemail/sendemail_1.56-5.2~bpo12+1_all.deb' -O
  4. dpkg -i sendemail_1.56-5.2~bpo12+1_all.deb

abhi-io avatar Jun 12 '24 08:06 abhi-io

Thank you for leading me down the right path, @abhi-io. Note for anyone who wants to keep their repos aligned: 1.56-5.2 is now available from bookworm-backports. I installed this and it also fixed it. 😊

wrappingup avatar Aug 26 '24 17:08 wrappingup