Curl patch for ZCS 8.0.7

Curl patch for ZCS 8.0.7

Submitted by admin on Mon, 04/28/2014 - 13:04

Last updated on Tue, 04/29/2014 - 17:05

Some customers reported an issue where SMTP authentication would fail for some clients against Zimbra Collaboration Server 8.0.7. The bug number where this is being tracked is the following:

SSL protocol errors caused by broken curl release [https://bugzilla.zimbra.com/show_bug.cgi?id=88926]

The log errors are like the following in /var/log/zimbra.log:

Apr 11 11:54:38 mta1 saslauthd[2229]: zmauth: authenticating against elected url 'https://mail.example.com:7071/service/admin/soap/' ...
Apr 11 11:54:38 mta1 saslauthd[2229]: authentication against url 'https://mail.example.com:7071/service/admin/soap/' caused error 'curl_easy_perform: error(35): Unknown SSL protocol error in connection to mail.example.com:7071 '
Apr 11 11:54:38 ne-mta1 saslauthd[2229]: url 'https://mail.example.com:7071/service/admin/soap/' will not be used for (at least) 600 seconds

This authentication problem is due to a bug in the version of curl shipped with ZCS 8.0.7:https://bbs.archlinux.org/viewtopic.php?id=175433

Zimbra will fix this in the next Maintenance Release of the software. In the meantime, Zimbra has produced a patch that will update curl to a working version. The patch is available here:

http://files.zimbra.com/downloads/security/zmcurl807-updater.sh

The patch steps are the following, to be run on all Zimbra nodes. The above fix is specifically for authentication on the MTAs, but curl is used elsewhere in the platform too:

(as root)
# wget http://files.zimbra.com/downloads/security/zmcurl807-updater.sh
# chmod 755 zmcurl807-updater.sh
# ./zmcurl807-updater.sh
# su - zimbra
$ zmmtactl stop; zmmtactl start

The patch will download the correct set of binaries for your OS, and install them. Please note that this patch now also supports an offline mode for servers that can't reach the Internet directly. First download the appropriate binaries from this location:

RHEL/CentOS 6: http://files.zimbra.com/downloads/8.0.7_GA/curl/RHEL6_64/curl-7.35.0.tgz
UBUNTU 10: http://files.zimbra.com/downloads/8.0.7_GA/curl/UBUNTU10_64/curl-7.35.0.tgz
UBUNTU 12: http://files.zimbra.com/downloads/8.0.7_GA/curl/UBUNTU12_64/curl-7.35.0.tgz
SLES 11: http://files.zimbra.com/downloads/8.0.7_GA/curl/SLES11_64/curl-7.35.0.tgz

The MD5 checksums are also available:

RHEL/CentOS 6: http://files.zimbra.com/downloads/8.0.7_GA/curl/RHEL6_64/curl-7.35.0.tgz.md5sum
UBUNTU 10: http://files.zimbra.com/downloads/8.0.7_GA/curl/UBUNTU10_64/curl-7.35.0.tgz.md5sum
UBUNTU 12: http://files.zimbra.com/downloads/8.0.7_GA/curl/UBUNTU12_64/curl-7.35.0.tgz.md5sum
SLES 11: http://files.zimbra.com/downloads/8.0.7_GA/curl/SLES11_64/curl-7.35.0.tgz.md5sum

Then place the downloaded tgz file at the following location: /tmp/curl/$PLAT/ (where $PLAT is one of RHEL6_64, SLES11_64, UBUNTU10_64, or UBUNTU12_64). Then run:

(as root)
./zmcurl807-updater.sh -o

Please let us know if any questions or issues.

Login to post a comment
Supported By Jabetto