Sure thing. Pasted below and attached .txt with same content as well...
Regards, Stephen
Rogers Email Account: address: <email address hidden>
imap server: imap.broadband.rogers.com:993
username: <email address hidden>
password: <redacted>
smtp: similar as above, replace "imap." with "smtp.", port 465, same user/pass
$gnutls-cli pop.verizon.net:995
Processed 127 CA certificate(s).
Resolving 'pop.verizon.net:995'...
Connecting to '66.218.85.35:995'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
- subject `CN=pop.verizon.net,O=Verizon Data Services LLC,L=Temple Terrace,ST=Florida,C=US', issuer `CN=DigiCert Baltimore CA-2 G2,OU=www.digicert.com,O=DigiCert Inc,C=US', serial 0x0128e5987aac5428187b44269bcc4722, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-01-17 00:00:00 UTC', expires `2021-12-07 12:00:00 UTC', pin-sha256="aNhhzcfwYqhSipKi6Wxk4Gs9+tKNo8L76OEHVxi9wxw="
Public Key ID: sha1:4ebacc7c149d8ba94aaf0ce3909b6d695e19a625 sha256:68d861cdc7f062a8528a92a2e96c64e06b3dfad28da3c2fbe8e1075718bdc31c
Public Key PIN: pin-sha256:aNhhzcfwYqhSipKi6Wxk4Gs9+tKNo8L76OEHVxi9wxw=
Public key's random art:
+--[ RSA 2048]----+
| |
| |
| . . |
| . o |
| E + S+ . |
| . = o ++ . |
|o +.+ .o. |
| *+* =... |
|o++ +o*. |
+-----------------+
- Certificate[1] info:
- subject `CN=DigiCert Baltimore CA-2 G2,OU=www.digicert.com,O=DigiCert Inc,C=US', issuer `CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE', serial 0x0182f8098ea2e626b91a3b27841fb9af, RSA key 2048 bits, signed using RSA-SHA256, activated `2015-12-08 12:05:07 UTC', expires `2025-05-10 12:00:00 UTC', pin-sha256="56higu/MFWb/c2b0avLE5oN2ECS2C43RvzSUgx/2xIE="
- Certificate[2] info:
- subject `CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE', issuer `CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE', serial 0x020000b9, RSA key 2048 bits, signed using RSA-SHA1 (broken!), activated `2000-05-12 18:46:00 UTC', expires `2025-05-12 23:59:00 UTC', pin-sha256="Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o="
- Status: The certificate is trusted.
*** Fatal error: Internal error in memory allocation.
*** handshake has failed: Internal error in memory allocation.
$dpkg -l | grep gnutls
ii gnutls-bin 3.5.18-1ubuntu1.4 amd64 GNU TLS library - commandline utilities
ii libcurl3-gnutls:amd64 7.58.0-2ubuntu3.8 amd64 easy-to-use client-side URL transfer library (GnuTLS flavour)
ii libcurl4-gnutls-dev:amd64 7.58.0-2ubuntu3.8 amd64 development files and documentation for libcurl (GnuTLS flavour)
ii libgnutls-dane0:amd64 3.5.18-1ubuntu1.3 amd64 GNU TLS library - DANE security support
ii libgnutls-openssl27:amd64 3.5.18-1ubuntu1.3 amd64 GNU TLS library - OpenSSL wrapper
ii libgnutls30:amd64 3.5.18-1ubuntu1.3 amd64 GNU TLS library - main runtime library
ii libgnutls30:i386 3.5.18-1ubuntu1.3 i386 GNU TLS library - main runtime library
ii libneon27-gnutls:amd64 0.30.2-3~ubuntu18.04.1 amd64 HTTP and WebDAV client library (GnuTLS enabled)
$
Stephen Holden
Ontario, Canada
On Monday, June 22, 2020, 2:35:53 p.m. EDT, Rod Rivers <email address hidden> wrote:
@stephenholden could you provide:
1) details on your connection type (pop/imap), server and port (in my
case this was pop to pop.verizon.net on port 995).
2) output of "dpkg -l | grep gnutls"
3) test my server using "gnutls-cli pop.verizon.net:995" (you may need
to install the gnutls-bin package) and let me know if you see the error
or a message that ends with "+OK Hello from jpop-0.1"
I just tried with the proposed repo and was able to connect, details in
another comment.
Status in Gnutls:
Unknown
Status in claws-mail package in Ubuntu:
Invalid
Status in evolution package in Ubuntu:
Invalid
Status in gnutls28 package in Ubuntu:
Fix Released
Status in gnutls28 source package in Xenial:
Fix Committed
Status in gnutls28 source package in Bionic:
Fix Committed
Status in claws-mail source package in Focal:
Invalid
Status in evolution source package in Focal:
Invalid
Status in gnutls28 source package in Focal:
Fix Committed
Status in claws-mail source package in Groovy:
Invalid
Status in evolution source package in Groovy:
Invalid
Status in gnutls28 source package in Groovy:
Fix Released
Status in gnutls28 package in CentOS:
Unknown
Bug description:
[Impact]
Evolution and Claws email clients stopped connecting to Yahoo, AOL,
Verizon, AT&T, Bell South, etc email servers which are run by the same
group. Users are unable to get to their email.
The underlying problem is that GnuTLS does not support zero length
session tickets. The fix works by checking that ticket_len > 0
prior to calling gnutls_realloc_fast().
Nominating for SRU, fulfills: "Updates that need to be applied to
Ubuntu packages to adjust to changes in the environment, server
protocols, web services, and similar, i. e. where the current version
just ceases to work."
[testcase]
GnuTLS 3.6:
$ gnutls-cli --priority=NORMAL:-VERS-TLS1.3 pop.verizon.net:995
[...]
- Status: The certificate is trusted.
*** Fatal error: Internal error in memory allocation.
the error should be fixed with the update
GnuTLS 3.5:
$ gnutls-cli pop.verizon.net:995
GnuTLS 3.4:
$ gnutls-cli -p 995 pop.verizon.net
[regression potential]
The fix works by checking that ticket_len > 0 prior to calling
gnutls_realloc_fast(). This creates two separate execution paths:
1) If the session ticket length > 0, which is the primary use case,
the original code block will be executed.
2) If the session ticket len is 0, then the original code block will
be skipped.
Testing will need to include connections to servers that return
session ticket length > 0 as well as ones that return session ticket
length of 0. Wireshark can be used to look at the NewSessionTicket
handshake message to confirm the session ticket length.
According to the GnuTLS project: "We utilize two continuous integration systems, the gitlab-ci and travis. Gitlab-CI is used to test most of the Linux systems (see .gitlab-ci.yml), and is split in two phases, build image creation and compilation/test. The build image creation is done at the gnutls/build-images subproject and uploads the image at the gitlab.com container registry. The compilation/test phase is on every commit to gnutls project."
Here are the results of the gitlab-ci pipeline showing all 19 tests passed for merge request 1260: https://gitlab.com/rrivers2/gnutls/-/pipelines/149155018
Page 8, section 3.3 of RFC5077 describes the NewSessionTicket handshake message and indicates that a zero length session ticket is a legitimate value: https://tools.ietf.org/pdf/rfc5077.pdf
--------------------------
When GnuTLS connects to servers that return zero length session
tickets using older TLS versions it returns the error code
GNUTLS_E_MEMORY_ERROR and the connection is closed. This prevents
Evolution and Claws email clients from connecting to Yahoo, AOL,
Verizon, AT&T, Bell South, etc email servers. Evolution displays the
message "Error performing TLS handshake: Internal error in memory
allocation"
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: libgnutls30 3.5.18-1ubuntu1.3
ProcVersionSignature: Ubuntu 5.3.0-51.44~18.04.2-generic 5.3.18
Uname: Linux 5.3.0-51-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.14
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Fri May 1 07:03:51 2020
InstallationDate: Installed on 2017-12-12 (870 days ago)
InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64 (20170801)
ProcEnviron:
PATH=(custom, no username)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gnutls28
UpgradeStatus: Upgraded to bionic on 2018-12-28 (489 days ago)
--
You received this bug notification because you are subscribed to the bug
report.
https://bugs.launchpad.net/bugs/1876286
Title:
Evolution reports "Error performing TLS handshake: Internal error in
memory allocation."
[Other Info]
The GnuTLS project's merge request 1260 fixes this bug. It was reviewed and approved by Daiki Ueno:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1260
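The ticket_len > 0 check from the bug description, as an added example (not GnuTLS source and not part of the original thread): a parser for the RFC 5077 NewSessionTicket body that shows how an empty ticket turns into a memory error when the guard is missing. resize_buf, parse_new_session_ticket, run_case, the PARSE_* codes and the sample bytes are constructed for illustration, and the wrapper's zero-size behaviour is an assumption.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_NOMEM = -2 };
struct ticket { uint32_t lifetime_hint; uint8_t *data; size_t len; };

/* Hypothetical allocator wrapper (assumption): a zero-byte request returns the
 * old pointer, which is NULL on first use, so it looks like a failure. */
static void *resize_buf(void *p, size_t n)
{
    if (n == 0) return p;
    void *q = realloc(p, n);
    if (q == NULL) free(p);
    return q;
}

/* Parse a NewSessionTicket body (RFC 5077, section 3.3):
 *   uint32 ticket_lifetime_hint; opaque ticket<0..2^16-1>;
 * guard != 0 applies the ticket_len > 0 check before resizing. */
int parse_new_session_ticket(const uint8_t *body, size_t body_len,
                             int guard, struct ticket *out)
{
    if (body_len < 6) return PARSE_TRUNCATED;
    out->lifetime_hint = (uint32_t)body[0] << 24 | (uint32_t)body[1] << 16 |
                         (uint32_t)body[2] << 8 | (uint32_t)body[3];
    size_t ticket_len = (size_t)body[4] << 8 | body[5];
    if (body_len - 6 < ticket_len) return PARSE_TRUNCATED;
    if (guard && ticket_len == 0) { out->len = 0; return PARSE_OK; }
    out->data = resize_buf(out->data, ticket_len);
    if (out->data == NULL) return PARSE_NOMEM; /* unguarded empty ticket lands here */
    memcpy(out->data, body + 6, ticket_len);
    out->len = ticket_len;
    return PARSE_OK;
}

/* Constructed sample bodies, not captured traffic. */
static const uint8_t WITH_TICKET[] = { 0x00, 0x00, 0x1c, 0x20, 0x00, 0x04, 0xde, 0xad, 0xbe, 0xef };
static const uint8_t EMPTY_TICKET[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
static const uint8_t TRUNCATED[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xaa };

int run_case(const uint8_t *body, size_t len, int guard)
{
    struct ticket t = { 0, NULL, 0 };
    int rc = parse_new_session_ticket(body, len, guard, &t);
    free(t.data);
    return rc;
}

int main(void) { return run_case(EMPTY_TICKET, sizeof EMPTY_TICKET, 1) == PARSE_OK ? 0 : 1; }
```

Both paths named under [regression potential] are covered: a non-empty ticket parses the same with or without the guard, and only the empty ticket changes outcome.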