On 4/3/21 4:40 PM, SET via arch-general wrote:
> Hello,
>
> I am having a weird issue with libesmtp : it does not use TLS, confirmed by
> wireshark sniffing.
>
> The ASP repo was pulled, and here is the result of ./configure --prefix=/usr :
>
> *************************
> *** libESMTP features ***
> *************************
> --with-auth-plugin-dir: /usr/lib/esmtp-plugins
> --with-lwres: no
> --with-openssl: no
> --enable-pthreads: yes
> --enable-etrn: no
> --enable-ntlm: no
> --enable-chunking: yes
> --enable-xusr: yes
> --enable-nsauth: yes
> --enable-debug: no
>
> After examining config.log, the conftest.c program, generated by configure,
> failed to compile :
>
> #ifdef __cplusplus
> extern "C"
> #endif
> char SSL_library_init ();
> int
> main ()
> {
> return SSL_library_init ();
> ;
> return 0;
> }
>
> By including <openssl/ssl.h> before int main(), conftest.c does compile.
>
> Talking to an SMTP server without TLS is obviously not an option.
>
> How can this be fixed ? A patch by the package maintainer ? Reporting to
> upstream ? (Seems to be fedora here)
This happens because it uses SSL_library_init and openssl < 1.1 which
the headers wrap in a compat #define
I guess the solution here is to backport
https://github.com/libesmtp/libESMTP/commit/22f05352122be48c8034fcfe6cba9c94db67e2ad
You may additionally/alternatively ask upstream to consider releasing
1.6.1 containing the currently available maintenance fixes.
--
Eli Schwartz
Bug Wrangler and Trusted User
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
