Done both of these steps. I can send an email as myself via a console app. I've also completely blown away the shared cert store and reimported, twice.
I'm not a Linux pro, far from it, can you suggest a way I could run a console app as the apache user from the command line? There's a way to do this through sudo, right? Thanks. -Abe On Mon, Jul 12, 2010 at 3:34 PM, Sebastien Pouliot <[email protected]> wrote: > Abe, > > If you can't test it with the apache user then write a non-ASP.NET app > doing the same (emailing) and run it under your current user. > > Then use certmgr to delete all certificates (of the current user, not > machine) and try again. At this step you'll be sure if (or not) the > required certificates were found. > > Update the bug report with the above information. > > Thanks > Sebastien > > On Mon, 2010-07-12 at 15:19 -0400, Abe Gillespie wrote: >> Hi Sebastian, >> >> I ran mozroots as myself but with the -m switch to install into the >> machine store. Of course I did run it with "sudo" so it's technically >> owned by root:root. I don't believe it's a permissions problem >> because a) this worked fine somewhere along the 2.4.x line, b) others >> seem to be experiencing this as a recent regression as evidenced by >> this http://bit.ly/bjxgHT, and c) I'm *pretty* sure the apache user >> has the necessary rights to read the certs - ugo all have the "r" flag >> set through the entire directory structure to the certs >> (/usr/share/.mono/certs/*), unfortunately I couldn't verify for sure >> because when I switch user from root to apache I get "This account is >> currently not available.". >> >> -Abe >> >> On Mon, Jul 12, 2010 at 1:43 PM, Sebastien Pouliot >> <[email protected]> wrote: >> > On Sat, 2010-07-10 at 13:44 -0400, Abe Gillespie wrote: >> >> sberryman, Jan, >> >> >> >> Thanks for the help, guys. I did try this as I've used this >> >> work-around before and I *thought* it wasn't working as well. But I >> >> just had another try and it worked fine. >> >> >> >> Now, is there a safe way to implement this work-around? >> > >> > Not really - otherwise there would be no gain (just pain) in verifying >> > the certificate chain ;-) >> > >> >> I'm not much >> >> of a security wonk, so what can I check in the cert to accept only >> >> Google's? I see properties like Issuer, Thumbprint, and >> >> GetRawCertData. >> > >> >> Can I use any of these to verify, or at least do >> >> slightly more than "return true" for all certs? >> > >> > You can check the thumbprint (it's a hash) but that will stop working >> > when Google updates its certificate or if it use more than one >> > certificate (e.g. on different servers). >> > >> > Now (from the bug report) it looks like you have permission issues when >> > executing code from apache (likely it can't read the certificates). See >> > my comment there... >> > >> >> Thanks. >> >> -Abe >> >> >> >> On Fri, Jul 9, 2010 at 10:06 PM, sberryman <[email protected]> wrote: >> >> > >> >> > You could always use the ServicePointManager to accept all SSL certs. >> >> > Security risk but I've used it in the past when I've had problems with >> >> > Mono >> >> > and SSL certs. >> >> > >> >> > Simply add the following delegate before you send the email. >> >> > >> >> > ServicePointManager.ServerCertificateValidationCallback = >> >> > delegate(object >> >> > sender, System.Security.Cryptography.X509Certificates.X509Certificate >> >> > certificate, System.Security.Cryptography.X509Certificates.X509Chain >> >> > chain, >> >> > System.Net.Security.SslPolicyErrors sslPolicyErrors) >> >> > { >> >> > return true; >> >> > }; >> >> > >> >> > -- >> >> > View this message in context: >> >> > http://mono.1490590.n4.nabble.com/Preview-2-6-6-tp2279971p2284277.html >> >> > Sent from the Mono - General mailing list archive at Nabble.com. >> >> > _______________________________________________ >> >> > Mono-list maillist - [email protected] >> >> > http://lists.ximian.com/mailman/listinfo/mono-list >> >> > >> >> _______________________________________________ >> >> Mono-list maillist - [email protected] >> >> http://lists.ximian.com/mailman/listinfo/mono-list >> > >> > >> > > > > _______________________________________________ Mono-list maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-list
