Hello David,

2017-02-13 20:37 GMT+01:00 David Sommerseth <open...@sf.lists.topphemmelig.net>:
>
> smtpsslcertpath needs to point at a CA certificate which issued the SMTP
> server certificate.  You can easily verify that things are correct by
> grabbing the server certificate using openssl:
>
>     $ openssl s_client -connect $SMTP_SERVER:$PORT -starttls smtp
>
> Copy the certificate blob printed to stdout to a file.  Then take your
> CA certificate (including full chain in a single file, where the root CA
> certificate is the last one in the file) and run this command:
>
>     $ openssl verify -CAfile $CA_CERT_CHAIN $SERVER_CERT
>
> The output should display the file of the server certificate and ": OK".

Thanks for your help, but I still can't use GMail on port 587 (but
everything is OK on port 465).
In my .gitconfig, I have "smtpsslcertpath = /etc/ssl/cert.pem" and the
.pem file exists, installed by the package "ca_root_nss" on FreeBSD.

So, I tried "openssl s_client -connect smtp.gmail.com:587 -starttls
smtp", copying the content from: "-----BEGIN CERTIFICATE-----" to
"-----END CERTIFICATE-----" in a file, but running "openssl verify
-CAfile /etc/ssl/cert.pem gmail.cert" gives:
"gmail.cert: C = US, ST = California, L = Mountain View, O = Google
Inc, CN = smtp.gmail.com
error 20 at 0 depth lookup:unable to get local issuer certificate"

I also tried on Debian and I'm getting the same error. Same thing with
Hotmail on "smtp.live.com:587".

Well, as long as I can use the other port with SSL, it's ok :-)

>> That's a not exactly helpful error message... :( - I tend to just turn
>> off SSL on stuff that goes to public mailing lists anyway if it causes
>> issues...
>
> OpenSSL errors require quite some effort to get used to.  And in
> addition the git-send-email errors on top don't always make life easier.

I've just tried git-send-email with "--smtp-debug=1" and the error
isn't very useful, I'm getting:
"...
Net::SMTP=GLOB(0x8048189a8)<<< 250 SMTPUTF8
Net::SMTP=GLOB(0x8048189a8)>>> STARTTLS
Net::SMTP=GLOB(0x8048189a8)<<< 220 2.0.0 Ready to start TLS
Net::SMTP=GLOB(0x8048189a8)>>> STARTTLS
Net::SMTP: Net::Cmd::getline(): unexpected EOF on command channel:
Connection reset by peer at /usr/local/libexec/git-core/git-send-email
line 1371.
STARTTLS failed!  at /usr/local/libexec/git-core/git-send-email line 1371."

>>> BTW: sorry about the previous email: "[SPAM] [PATCH] Fix building with
>>> LibreSSL 2.5.1 by cleaning a hack." :-/ I'm trying not to post any more
>>> buggy emails here.
>
> No worries!  As long as you don't spam us completely with nonsense, we
> can handle a few misfires ;-)

;-)

Best Regards,
Olivier
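
The `openssl verify` check quoted above reports error 20 at depth 0 whenever the leaf's issuer is absent from the `-CAfile`, which is the case for a server certificate issued by an intermediate CA when only the leaf block was saved. The following is an added example, not part of the original message: it builds a constructed root, intermediate and leaf (all names and file names are made up) and runs the check with and without the intermediate.

```shell
#!/bin/sh
# Constructed three-level chain (all names are made up for this example):
#   Example Root CA -> Example Intermediate CA -> smtp.example.test
make_chain() (            # $1 = empty work directory; body runs in a subshell
    cd "$1" || exit 1
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root: the only certificate placed in the trust store.
    openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
        -days 2 -subj "/CN=Example Root CA" \
        -keyout root.key -out root.pem 2>/dev/null || exit 1
    # Intermediate CA, signed by the root.
    openssl req -config ca.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=Example Intermediate CA" \
        -keyout int.key -out int.csr 2>/dev/null || exit 1
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -days 2 -extfile ca.cnf -extensions v3_ca -out int.pem 2>/dev/null || exit 1
    # Server (leaf) certificate, signed by the intermediate.
    openssl req -config ca.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=smtp.example.test" \
        -keyout leaf.key -out leaf.csr 2>/dev/null || exit 1
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
        -days 2 -out leaf.pem 2>/dev/null || exit 1
)

# Root store plus the leaf alone: the issuer of the leaf cannot be found.
verify_leaf_only() {
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1
}

# Same trust store, with the intermediate supplied as an untrusted helper.
verify_with_intermediate() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem" 2>&1
}

d=$(mktemp -d)
make_chain "$d"
echo "root store + leaf only:"
verify_leaf_only "$d" || true        # expected to fail with error 20 at depth 0
echo "root store + intermediate passed with -untrusted:"
verify_with_intermediate "$d"
rm -rf "$d"
```

Against a live server, `openssl s_client -showcerts` prints every certificate the server sends, so the intermediates can be saved to a separate file and passed with `-untrusted`.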

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel