Bug#917993: wmbiff: gmail (and many other IMAP servers) now require SNI

Wed Jan 2 02:33:51 GMT 2019

Package: wmbiff
Version: 0.4.31-2
Severity: important
Tags: upstream patch

wmbiff/gmail imap4: Need new connection to ***@gmail.com at imap.gmail.com
wmbiff/gmail comm: certificate passed time check.
wmbiff/gmail comm: server's certificate (OU=No SNI provided\; please fix your client.,CN=invalid2.invalid) does not match its hostname (imap.gmail.com).
wmbiff/gmail comm: server's certificate does not match its hostname.
wmbiff/gmail comm: to ignore this error, run wmbiff with the -skip-certificate-check option

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (500, 'oldstable'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages wmbiff depends on:
ii  libc6        2.28-2
ii  libgcrypt20  1.8.4-4
ii  libgnutls30  3.6.5-2
ii  libx11-6     2:1.6.7-1
ii  libxext6     2:1.3.3-1+b2
ii  libxpm4      1:3.5.12-1

wmbiff recommends no packages.

Versions of packages wmbiff suggests:
ii  ruby         1:2.5.1
pn  ssh-askpass  <none>

-- no debconf information
-------------- next part --------------

diff --git a/wmbiff/tlsComm.c b/wmbiff/tlsComm.c
index f37f3f5..bd6c7c4 100644
--- a/wmbiff/tlsComm.c
+++ b/wmbiff/tlsComm.c
@@ -599,6 +599,8 @@ struct connection_state *initialize_gnutls(intptr_t sd, char *name, Pop3 pc,
 			}
 		}
 
+		gnutls_server_name_set(scs->tls_state, GNUTLS_NAME_DNS,
+						remote_hostname, strnlen(remote_hostname, 256));
 		gnutls_cred_set(scs->tls_state, GNUTLS_CRD_CERTIFICATE,
 						scs->xcred);
 		gnutls_transport_set_ptr(scs->tls_state,
