[PATCH] send-email: provide port separately from hostname

[PATCH] send-email: provide port separately from hostname

[brian m. carlson]

From: "brian m. carlson" <sandals@crustytoothpaste.net>

If the SMTP port is provided as part of the hostname to Net::SMTP, it passes
the combined string to the SASL provider; this causes GSSAPI authentication to
fail since Kerberos does not want the port information.  Instead, pass the port
as a separate argument as is done for SSL connections.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
---
 git-send-email.perl | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/git-send-email.perl b/git-send-email.perl
index bd13cc8..ca86a13 100755
--- a/git-send-email.perl
+++ b/git-send-email.perl
@@ -1199,9 +1199,11 @@ X-Mailer: git-send-email $gitversion
 		else {
 			require Net::SMTP;
 			$smtp_domain ||= maildomain();
-			$smtp ||= Net::SMTP->new(smtp_host_string(),
+			$smtp_server_port ||= 25;
+			$smtp ||= Net::SMTP->new($smtp_server,
 						 Hello => $smtp_domain,
-						 Debug => $debug_net_smtp);
+						 Debug => $debug_net_smtp,
+						 Port => $smtp_server_port);
 			if ($smtp_encryption eq 'tls' && $smtp) {
 				require Net::SMTP::SSL;
 				$smtp->command('STARTTLS');
-- 
1.8.3.2.923.g2a18ff8.dirty

Re: [PATCH] send-email: provide port separately from hostname

[Ramkumar Ramachandra]

brian m. carlson wrote:
> diff --git a/git-send-email.perl b/git-send-email.perl
> index bd13cc8..ca86a13 100755
> --- a/git-send-email.perl
> +++ b/git-send-email.perl
> @@ -1199,9 +1199,11 @@ X-Mailer: git-send-email $gitversion
>                 else {
>                         require Net::SMTP;
>                         $smtp_domain ||= maildomain();
> -                       $smtp ||= Net::SMTP->new(smtp_host_string(),

Hm, so the problem occurs when you give smtp_host_string() to
Net::SMTP->new() as the first argument.

> +                       $smtp_server_port ||= 25;

So if smtp_host_string() returns a hostname without a port, then
Net::SMTP->new() will connect to port 25 by default?

> If the SMTP port is provided as part of the hostname to Net::SMTP, it passes
> the combined string to the SASL provider; this causes GSSAPI authentication to
> fail since Kerberos does not want the port information.  Instead, pass the port
> as a separate argument as is done for SSL connections.

I need to be in a (firewalled?) network that uses Kerberos to
reproduce this, right?  Even if I can't reproduce it, the change seems
to be fine.

While we're on the subject, do you know how to get rid of this huge
ugly warning I get everytime I send emails?

*******************************************************************
 Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
 is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
 together with SSL_ca_file|SSL_ca_path for verification.
 If you really don't want to verify the certificate and keep the
 connection open to Man-In-The-Middle attacks please set
 SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
*******************************************************************
  at /home/artagnon/src/git/git-send-email line 1200.

Thanks.

Re: [PATCH] send-email: provide port separately from hostname

[brian m. carlson]

[-- Attachment #1: Type: text/plain, Size: 2046 bytes --]

On Fri, Jul 05, 2013 at 04:12:19AM +0530, Ramkumar Ramachandra wrote:
> Hm, so the problem occurs when you give smtp_host_string() to
> Net::SMTP->new() as the first argument.

Yes.  I created a test program, and Net::SMTP was fine as long as I used
Port, but failed when I included the port in the hostname string.
Arguably this is a bug in Net::SMTP.

> So if smtp_host_string() returns a hostname without a port, then
> Net::SMTP->new() will connect to port 25 by default?

Correct.  Port 25 is the default for Net::SMTP, so there's no change in
behavior.

> I need to be in a (firewalled?) network that uses Kerberos to
> reproduce this, right?  Even if I can't reproduce it, the change seems
> to be fine.

You need to have access to a mail server that will only relay when
authenticated, and only accepts GSSAPI.  My personal server accepts
GSSAPI always and PLAIN only when TLS is enabled, so I just turned off
TLS temporarily to test.

As for Kerberos, yes, you'd need to have it set up to reproduce this.

> While we're on the subject, do you know how to get rid of this huge
> ugly warning I get everytime I send emails?
> 
> *******************************************************************
>  Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
>  is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
>  together with SSL_ca_file|SSL_ca_path for verification.
>  If you really don't want to verify the certificate and keep the
>  connection open to Man-In-The-Middle attacks please set
>  SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
> *******************************************************************
>   at /home/artagnon/src/git/git-send-email line 1200.

You need to explicitly specify an SSL_verify_mode argument to start_SSL.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]