Open-Report-Parser icon indicating copy to clipboard operation
Open-Report-Parser copied to clipboard

Published 20 hours ago verified publisher icon userjack6880

[Bug]: Config option to ignore IMAP TLS errors does not work.

Open Foxi352 opened this issue 8 months ago • 0 comments

Describe the bug $tlsverify = 0 option in config does not work. I have an Exchange 2019 server which uses a self signed certificate. Although i disabled tls verify in config, the script errors out on invalid tls certificate.

To Reproduce Steps to reproduce the behavior: Connect on port 143 with StartTLS to IMAP server with self signed certificate while having disabled verify in config:

$imapport         = '143';
$imaptls          = '1';
$tlsverify        = '0';

Expected behavior Should ignore TLS certificate validation if option set in config

Software Version [] Exchange Server 2019

Server (please complete the following information):

  • Server OS Debian Bookworm
  • Perl Version 5.036000
  • MariaDB 10.11.8

Additional context Debug log confirms:

dmarc_report-parser  | --- DEBUG ---
dmarc_report-parser  |   use tls without verify servercert.
dmarc_report-parser  | -------------

But it still errors out on invalid certificate

dmarc_report-parser  | Started at Mon Jun 10 08:56:23 2024
dmarc_report-parser  | Using Mail::IMAPClient version 3.43 on perl 5.036000
dmarc_report-parser  | Connecting with IO::Socket::IP PeerAddr xx.xx.xx.xx PeerPort 143 Proto tcp Timeout 600 Debug 1 SSL_verify_mode 0
dmarc_report-parser  | Connected to xx.xx.xx.xx
dmarc_report-parser  | Read:    * OK The Microsoft Exchange IMAP4 service is ready.
dmarc_report-parser  | Sending: 1 STARTTLS
dmarc_report-parser  | Sent 12 bytes
dmarc_report-parser  | Read:    1 OK Begin TLS negotiation now.
dmarc_report-parser  | ERROR: Unable to start TLS: SSL connect attempt failed error:0A000086:SSL routines::certificate verify failed at /usr/share/perl5/Mail/IMAPClient.pm line 462.
dmarc_report-parser  |  Mail::IMAPClient::starttls(Mail::IMAPClient=HASH(0x561b71e7a868)) called at /usr/share/perl5/Mail/IMAPClient.pm line 420
dmarc_report-parser  |  Mail::IMAPClient::Socket(Mail::IMAPClient=HASH(0x561b71e7a868), IO::Socket::IP=GLOB(0x561b71e81e88)) called at /usr/share/perl5/Mail/IMAPClient.pm line 369
dmarc_report-parser  |  Mail::IMAPClient::connect(Mail::IMAPClient=HASH(0x561b71e7a868)) called at /usr/share/perl5/Mail/IMAPClient.pm line 315
dmarc_report-parser  |  Mail::IMAPClient::new("Mail::IMAPClient", "server", "xx.xx.xx.xx", "port", 143, "ssl", 0, "starttls", ...) called at ./report-parser.pl line 403
dmarc_report-parser  | Open Report Parser: IMAP Failure: Unable to start TLS: SSL connect attempt failed error:0A000086:SSL routines::certificate verify failed

Foxi352 avatar Jun 10 '24 09:06 Foxi352