Hello David,

2017-02-13 20:37 GMT+01:00 David Sommerseth <open...@sf.lists.topphemmelig.net>:
> smtpsslcertpath needs to point at a CA certificate which issued the SMTP
> server certificate.  You can easily verify that things are correct by
> grabbing the server certificate using openssl:
>     $ openssl s_client -connect $SMTP_SERVER:$PORT -starttls smtp
> Copy the certificate blob printed to stdout to a file.  Then take your
> CA certificate (including full chain in a single file, where the root CA
> certificate is the last one in file) and run this command:
>     $ openssl verify -CAfile $CA_CERT_CHAIN $SERVER_CERT
> The output should display the file of the server certificate and ": OK".

Thanks for your help, but I still can't use GMail on port 587 (but
everything is OK on port 465).
In my .gitconfig, I have "smtpsslcertpath = /etc/ssl/cert.pem" and the
.pem file exists, installed by the package "ca_root_nss" on FreeBSD.

So, I tried "openssl s_client -connect smtp.gmail.com:587 -starttls
smtp", copying the content from: "-----BEGIN CERTIFICATE-----" to
"-----END CERTIFICATE-----" in a file, but running "openssl verify
-CAfile /etc/ssl/cert.pem gmail.cert" gives:
"gmail.cert: C = US, ST = California, L = Mountain View, O = Google
Inc, CN = smtp.gmail.com
error 20 at 0 depth lookup:unable to get local issuer certificate"

I also tried on Debian and I'm getting the same error. Same thing with
Hotmail on "smtp.live.com:587".

Well, as long as I can use the other port with SSL, it's ok :-)

>> That's a not exactly helpful error message... :( - I tend to just turn
>> off SSL on stuff that goes to public mailing lists anyway if it causes
>> issues...
> OpenSSL errors requires quite some efforts to get used to.  And in
> addition the git-send-email errors on top doesn't always make life easier.

I've just tried git-send-email with "--smtp-debug=1" and the error
isn't much useful, I'm getting:
Net::SMTP=GLOB(0x8048189a8)<<< 250 SMTPUTF8
Net::SMTP=GLOB(0x8048189a8)>>> STARTTLS
Net::SMTP=GLOB(0x8048189a8)<<< 220 2.0.0 Ready to start TLS
Net::SMTP=GLOB(0x8048189a8)>>> STARTTLS
Net::SMTP: Net::Cmd::getline(): unexpected EOF on command channel:
Connection reset by peer at /usr/local/libexec/git-core/git-send-email
line 1371.
STARTTLS failed!  at /usr/local/libexec/git-core/git-send-email line 1371."

>>> BTW: sorry about the previous email: "[SPAM] [PATCH] Fix building with
>>> LibreSSL 2.5.1 by cleaning a hack." :-/ I'm trying to not post anymore
>>> buggy email here.
> No worries!  As long as you don't spam us completely with non-sense, we
> can handle a few misfires ;-)


Best Regards,

Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
Openvpn-devel mailing list

Reply via email to