From bf8def56995c4fb5523a8ace9b456f728a5a1fbb Mon Sep 17 00:00:00 2001 From: opal hart Date: Sun, 28 Oct 2018 03:34:37 +0000 Subject: community/claws-mail: TLS server name indication support Using patch included from , fixes issue with some mailservers such as Gmail refusing TLSv1.3 without SNI. --- community/claws-mail/APKBUILD | 8 ++-- community/claws-mail/sni.patch | 84 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 89 insertions(+), 3 deletions(-) create mode 100644 community/claws-mail/sni.patch diff --git a/community/claws-mail/APKBUILD b/community/claws-mail/APKBUILD index 0da399078c..bdd797d110 100644 --- a/community/claws-mail/APKBUILD +++ b/community/claws-mail/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa pkgname=claws-mail pkgver=3.17.1 -pkgrel=0 +pkgrel=1 pkgdesc="A GTK+ based e-mail client." url="http://www.claws-mail.org" arch="all" @@ -36,7 +36,8 @@ makedepends="gtk+-dev libressl-dev startup-notification-dev enchant-dev pinentry-gtk spamassassin libical-dev ytnef-dev " depends="aspell-en" -source="http://www.claws-mail.org/download.php?file=releases/claws-mail-$pkgver.tar.gz" +source="http://www.claws-mail.org/download.php?file=releases/claws-mail-$pkgver.tar.gz + sni.patch" builddir="$srcdir"/$pkgname-$pkgver build() { @@ -168,4 +169,5 @@ _vcalendar () { _plugin "Handling of vCalendar messages in Claws Mail" "" vcalendar } -sha512sums="4e461608ffb9978dcb0ed8aa1d29cf6065797f38bb98ceae3dbca4728adc5cf20a87f5bf5123a34ccc6a87b2646e2aac5f7f9c033c473e36e0420a6958200ba1 claws-mail-3.17.1.tar.gz" +sha512sums="4e461608ffb9978dcb0ed8aa1d29cf6065797f38bb98ceae3dbca4728adc5cf20a87f5bf5123a34ccc6a87b2646e2aac5f7f9c033c473e36e0420a6958200ba1 claws-mail-3.17.1.tar.gz +7862c04979e481634084f6cbb359b9cabdda2d7468e3c76512772a3ba3890b3eb6665c47e5bfee24387c4fa6fddc6f425110a6313a177eb12dc4ebd6aa2d3f6a sni.patch" diff --git a/community/claws-mail/sni.patch b/community/claws-mail/sni.patch new file mode 100644 index 0000000000..14621ba76e --- /dev/null 
+++ b/community/claws-mail/sni.patch 
@@ -0,0 +1,84 @@
+--- a/src/common/ssl.c
++++ a/src/common/ssl.c
+@@ -410,6 +410,17 @@ gboolean ssl_init_socket(SockInfo *sockinfo)
+
+ gnutls_record_disable_padding(session);
+
++ /* If we have a host name, rather than a numerical IP address, tell
++ * gnutls to send it in the server name identification extension field,
++ * to give the server a chance to select the correct certificate in the
++ * virtual hosting case where multiple domain names are hosted on the
++ * same IP address. */
++ if (NULL != sockinfo->canonical_name && !is_numeric_host_address(sockinfo->canonical_name)) {
++ r = gnutls_server_name_set(session, GNUTLS_NAME_DNS, sockinfo->canonical_name, strlen(sockinfo->canonical_name));
++ debug_print("Set GnuTLS session server name indication to %s, status = %d\n",
++ sockinfo->canonical_name, r);
++ }
++
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ if (claws_ssl_get_cert_file()) {
+--- a/src/common/utils.c
++++ a/src/common/utils.c
+@@ -1924,6 +1924,29 @@ const gchar *get_domain_name(void)
+ #endif
+ }
+
++/* Tells whether the given host address string is a valid representation of a
++ * numerical IP (v4 or, if supported, v6) address.
++ */
++gboolean is_numeric_host_address(const gchar *hostaddress)
++{
++ struct addrinfo hints, *res;
++ int err;
++
++ /* See what getaddrinfo makes of the string when told that it is a
++ * numeric IP address representation. */
++ memset(&hints, 0, sizeof(struct addrinfo));
++ hints.ai_family = AF_UNSPEC;
++ hints.ai_socktype = 0;
++ hints.ai_flags = AI_NUMERICHOST;
++ hints.ai_protocol = 0;
++
++ err = getaddrinfo(hostaddress, NULL, &hints, &res);
++ if (0 == err) {
++ freeaddrinfo(res);
++ }
++ return (0 == err);
++}
++
+ off_t get_file_size(const gchar *file)
+ {
+ #ifdef G_OS_WIN32
+--- a/src/common/utils.h
++++ a/src/common/utils.h
+@@ -396,6 +396,7 @@ const gchar *get_tmp_dir (void);
+ const gchar *get_locale_dir (void);
+ gchar *get_tmp_file (void);
+ const gchar *get_domain_name (void);
++gboolean is_numeric_host_address (const gchar *hostaddress);
+ const gchar *get_desktop_file(void);
+ #ifdef G_OS_WIN32
+ const gchar *w32_get_themes_dir (void);
+--- a/src/etpan/etpan-ssl.c
++++ a/src/etpan/etpan-ssl.c
+@@ -171,6 +171,19 @@ void etpan_connect_ssl_context_cb(struct mailstream_ssl_context * ssl_context, v
+ gnutls_x509_crt_deinit(x509);
+ gnutls_x509_privkey_deinit(pkey);
+ }
++
++ /* If we have a host name, rather than a numerical IP address, tell
++ * gnutls to send it in the server name identification extension field,
++ * to give the server a chance to select the correct certificate in the
++ * virtual hosting case where multiple domain names are hosted on the
++ * same IP address. */
++ if (!is_numeric_host_address(account->recv_server)) {
++ int r;
++
++ r = mailstream_ssl_set_server_name(ssl_context, account->recv_server);
++ debug_print("Set libetpan SSL mail stream server name indication to %s, status = %d\n",
++ account->recv_server, r);
++ }
+ }
+
+ #endif /* USE_GNUTLS */
-- cgit v1.2.3
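Review bot: The two call sites take the SNI name from different fields, and the embedded patch does not show that either one is the name the server certificate is later verified against. In `ssl_init_socket()` the name is `sockinfo->canonical_name`; if that field holds the resolver's canonical name rather than the host the user configured (its assignment is outside the hunk), an unauthenticated DNS answer chooses the name sent in the ClientHello, so passing the configured host name would be safer. In `etpan_connect_ssl_context_cb()` the call lacks the NULL guard used in `ssl.c`; `if (account->recv_server != NULL && !is_numeric_host_address(account->recv_server)) {` would make the two sites consistent. Both sites only log `r`, so a failed `gnutls_server_name_set()` or `mailstream_ssl_set_server_name()` continues without SNI; a one-line comment such as `/* best effort: a failure here leaves the handshake without SNI */` would record that this is intended. Both functions begin and end outside the embedded hunks.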