Re: [courier-users] Disabling TLS 1.0?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On 25 Jul 2018, at 18:31, Sam Varshavchik wrote:

> Greg Earle writes:
>
>> My organization is getting pressured to disable TLS 1.0 everywhere by 
>> next week.
>>
>> Is it possible to selectively do so in Courier without turning off 
>> TLS entirely?
>
> This depends both on the version of OpenSSL that's installed, and on 
> the Courier version.
>
> With the current version of both OpenSSL and Courier, it is possible 
> to accept only TLS 1.1, or higher; or TLS 1.2 or higher.
>
> [...]

Thanks Sam (and thanks Matus Uhlar).

It's an ancient frozen ops configuration so I realized I would have to 
go up to at least Courier 0.73 to get the TLS 1.1/1.2 support I need.  I 
figured might as well upgrade to 0.78.3 while I'm forced into it.

(Environment is Solaris 10 Update 1/13 with Sun/Oracle Developer Studio 
12.5.)

I have courier-unicode 2.0 successfully built & installed but when I 
went to build courier-authlib 0.68.0 it splatted pretty early on:

--
[...]
libtool: link: ( cd ".libs" && rm -f "librfc822.la" && ln -s 
"../librfc822.la" "librfc822.la" )
source='testsuite.c' object='testsuite.o' libtool=no \
DEPDIR=.deps depmode=none /bin/bash ./../../depcomp \
cc -DHAVE_CONFIG_H -I.      -I/usr/gnu/include -I/opt/courier/include 
-I.. -I./.. -c -o testsuite.o testsuite.c
/bin/bash ./libtool  --tag=CC    --mode=link cc  -I/usr/gnu/include 
-I/opt/courier/include -I.. -I./..  -static -L/opt/courier/lib 
-R/opt/courier/lib -L/usr/gnu/lib -R/usr/gnu/lib -o testsuite 
testsuite.o librfc822.la -lcourier-unicode
libtool: link: cc -I/usr/gnu/include -I/opt/courier/include -I.. -I./.. 
-o testsuite testsuite.o  -L/opt/courier/lib -L/usr/gnu/lib 
./.libs/librfc822.a /opt/courier/lib/libcourier-unicode.so 
-R/opt/courier/lib -R/opt/courier/lib -R/usr/gnu/lib
Undefined                       first referenced
  symbol                             in file
_Znwj                               
/opt/courier/lib/libcourier-unicode.so
_ZNSs4_Rep11_S_terminalE            
/opt/courier/lib/libcourier-unicode.so
_ZSt24__throw_out_of_range_fmtPKcz  
/opt/courier/lib/libcourier-unicode.so
_ZTVN10__cxxabiv120__si_class_type_infoE 
/opt/courier/lib/libcourier-unicode.so
_ZSt20__throw_length_errorPKc       
/opt/courier/lib/libcourier-unicode.so
__atomic_fetch_add_4                
/opt/courier/lib/libcourier-unicode.so
_ZSt19__throw_logic_errorPKc        
/opt/courier/lib/libcourier-unicode.so
__cxa_end_catch                     
/opt/courier/lib/libcourier-unicode.so
__cxa_begin_catch                   
/opt/courier/lib/libcourier-unicode.so
_ZdlPv                              
/opt/courier/lib/libcourier-unicode.so
_ZNSsC1EPKcRKSaIcE                  
/opt/courier/lib/libcourier-unicode.so
__SUNW_ABIG3_cpp_personality        
/opt/courier/lib/libcourier-unicode.so
_ZNSs4_Rep20_S_empty_rep_storageE   
/opt/courier/lib/libcourier-unicode.so
_ZSt17__throw_bad_allocv            
/opt/courier/lib/libcourier-unicode.so
_Unwind_Resume                      
/opt/courier/lib/libcourier-unicode.so
_ZNSs7replaceEjjPKcj                
/opt/courier/lib/libcourier-unicode.so
_ZSt9terminatev                     
/opt/courier/lib/libcourier-unicode.so
_ZNSs7reserveEj                     
/opt/courier/lib/libcourier-unicode.so
_ZTVN10__cxxabiv117__class_type_infoE 
/opt/courier/lib/libcourier-unicode.so
_ZNSs4_Rep10_M_destroyERKSaIcE      
/opt/courier/lib/libcourier-unicode.so
_ZNSs6assignEPKcj                   
/opt/courier/lib/libcourier-unicode.so
__cxa_rethrow                       
/opt/courier/lib/libcourier-unicode.so
_ZNSt8__detail15_List_node_base7_M_hookEPS0_ 
/opt/courier/lib/libcourier-unicode.so
ld: fatal: symbol referencing errors. No output written to testsuite
*** Error code 2
make: Fatal error: Command failed for target `testsuite'
Current working directory 
/usr/local/src/mail/Courier/courier-authlib-0.68.0/libs/rfc822
*** Error code 1
make: Fatal error: Command failed for target `all'
Current working directory 
/usr/local/src/mail/Courier/courier-authlib-0.68.0/libs/rfc822
*** Error code 1
--

I discovered that if instead of "cc" I use "CC -std=c++11" as the 
linker, it links.

It feels like the as-configured compilation environment didn't pick up 
the COURIER_UNICODE_CXXFLAGS="-std=c++11" setting from aclocal.m4 
somehow ...

Anyway if I add "-std=c++11" to $CXXFLAGS I get a bit further, but then 
it hits

--
source='testgdbm.C' object='testgdbm.o' libtool=no \
DEPDIR=.deps depmode=none /bin/bash ./../../depcomp \
CC -DHAVE_CONFIG_H -I.      -std=c++11 -I/opt/courier/include 
-I/usr/gnu/include -c -o testgdbm.o testgdbm.C
/bin/bash ./libtool  --tag=CXX    --mode=link CC   -std=c++11 
-I/opt/courier/include -I/usr/gnu/include -static -L/opt/courier/lib 
-R/opt/courier/lib -L/usr/gnu/lib -R/usr/gnu/lib -o testgdbm testgdbm.o 
libgdbmobj.la
libtool: link: CC -std=c++11 -I/opt/courier/include -I/usr/gnu/include 
-o testgdbm testgdbm.o  -L/opt/courier/lib -L/usr/gnu/lib 
./.libs/libgdbmobj.a /usr/gnu/lib/libgdbm.so -R/usr/gnu/lib 
-R/usr/gnu/lib -R/opt/courier/lib
unused $ADDVERS specification from file 
'/opt/developerstudio12.5/lib/compilers/CC-gcc/gcc_version.map' for 
object 'libgcc_s.so'
version(s):
         GCC_4.2.0
*** Error code 2
make: Fatal error: Command failed for target `testgdbm'
Current working directory 
/pkg/src/mail/Courier/courier-authlib-0.68.0/libs/gdbmobj
*** Error code 1
make: Fatal error: Command failed for target `all'
Current working directory 
/pkg/src/mail/Courier/courier-authlib-0.68.0/libs/gdbmobj
--

I think my homegrown "libgdbm.so" might've been built with an old GCC; 
maybe that's why I'm getting this complaint?  Seems to be the same issue 
described on this page:

https://stackoverflow.com/questions/40484094/multiple-libgcc-s-libraries-when-linking-on-solaris-with-studio-12-5

Starting to think trying to build this with Developer Studio is a losing 
cause ...

		- Greg