Package: swaks
Version: 20170101.0-2
Severity: normal
Tags: upstream

Here is what happens when I try to generate a TLS error:

$ swaks -tls --tls-verify --ehlo test.coker.com.au -f russ...@coker.com.au -t exam...@example.com -s pop.sws.net.au
=== Trying pop.sws.net.au:25...
=== Connected to pop.sws.net.au.
<-  220 smtp.sws.net.au ESMTP Postfix - by sending email to this server you agree to the conditions at this URL: http://doc.coker.com.au/legal/conditions-of-sending-email/
 -> EHLO test.coker.com.au
<-  250-smtp.sws.net.au
<-  250-PIPELINING
<-  250-SIZE 51200000
<-  250-ETRN
<-  250-STARTTLS
<-  250-AUTH PLAIN LOGIN
<-  250-AUTH=PLAIN LOGIN
<-  250-ENHANCEDSTATUSCODES
<-  250-8BITMIME
<-  250-DSN
<-  250 SMTPUTF8
 -> STARTTLS
<-  220 2.0.0 Ready to start TLS
=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
=== TLS no local certificate set
=== TLS peer DN="/CN=gpmail.sws.net.au"
 ~> EHLO test.coker.com.au
<~  250-smtp.sws.net.au
<~  250-PIPELINING
<~  250-SIZE 51200000
<~  250-ETRN
<~  250-AUTH PLAIN LOGIN
<~  250-AUTH=PLAIN LOGIN
<~  250-ENHANCEDSTATUSCODES
<~  250-8BITMIME
<~  250-DSN
<~  250 SMTPUTF8
 ~> MAIL FROM:<russ...@coker.com.au>

Here is the sort of result that I expect:

$ gnutls-cli pop.sws.net.au:25 --starttls-proto=smtp
Processed 148 CA certificate(s).
Resolving 'pop.sws.net.au:25'...
Connecting to '203.15.121.86:25'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
 - subject `CN=gpmail.sws.net.au', issuer `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', serial 0x047a9875b9f1b27b186ec2a33ea735bc5d09, RSA key 2048 bits, signed using RSA-SHA256, activated `2017-10-10 08:12:15 UTC', expires `2018-01-08 08:12:15 UTC', pin-sha256="SckWTJ2pRMCxLlQYKi/USOxUfjP7hK2MDUdcaVRnyO4="
        Public Key ID:
                sha1:323a845463d17fcb45f7b49eb6742d8ac3eeae97
                sha256:49c9164c9da944c0b12e54182a2fd448ec547e33fb84ad8c0d475c695467c8ee
        Public Key PIN:
                pin-sha256:SckWTJ2pRMCxLlQYKi/USOxUfjP7hK2MDUdcaVRnyO4=
        Public key's random art:
                +--[ RSA 2048]----+
                | =o |
                | o .. . . .|
                | . . . . o.|
                | . . . . . ..|
                | . . o So o . o|
                | . . o o .=o|
                | o . o .o.o|
                | . E . . |
                | .*+. |
                +-----------------+

- Certificate[1] info:
 - subject `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires `2021-03-17 16:40:46 UTC', pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="
- Status: The certificate is NOT trusted. The name in the certificate does not match the expected.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** handshake has failed: Error in the certificate.

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages swaks depends on:
ii  perl  5.26.1-2

Versions of packages swaks recommends:
ii  libnet-dns-perl     1.10-2
ii  libnet-ssleay-perl  1.80-1+b2

Versions of packages swaks suggests:
pn  libauthen-ntlm-perl  <none>
ii  libauthen-sasl-perl  2.1600-1
ii  perl-doc             5.26.1-2

-- no debconf information
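
A swaks transcript like the one in this report can be checked after the fact for the name mismatch that gnutls-cli rejects. The following is an added example, not part of the original report and not swaks code: it reads the `=== Connected to` and `=== TLS peer DN=` lines and compares the two names. It assumes the line formats shown above and sees only the subject CN (the transcript shows no subjectAltName entries, so a certificate naming the server only in a SAN would be flagged); the function names are made up for this example.

```python
import re

# Transcript lines copied from the swaks run in the report above.
SAMPLE = """\
=== Trying pop.sws.net.au:25...
=== Connected to pop.sws.net.au.
=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
=== TLS no local certificate set
=== TLS peer DN="/CN=gpmail.sws.net.au"
"""

CONNECTED = re.compile(r"^=== Connected to (\S+?)\.$")
PEER_DN = re.compile(r'^=== TLS peer DN="(.*)"$')


def name_matches(cert_name, host):
    """Case-insensitive comparison; '*' counts only as the whole
    left-most label and never directly under a top-level domain."""
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False
    if c[0] == "*" and len(c) > 2:
        c, h = c[1:], h[1:]
    return c == h


def check_transcript(text):
    """Return (server, peer_cn, ok); ok is True only if both names
    were found in the transcript and they match."""
    server = peer_cn = None
    for line in text.splitlines():
        line = line.strip()
        m = CONNECTED.match(line)
        if m:
            server = m.group(1)
        m = PEER_DN.match(line)
        if m:
            # The DN is in OpenSSL one-line form: /C=../O=../CN=name
            cn = re.search(r"/CN=([^/]+)", m.group(1))
            peer_cn = cn.group(1) if cn else None
    ok = bool(server and peer_cn and name_matches(peer_cn, server))
    return server, peer_cn, ok


if __name__ == "__main__":
    print(check_transcript(SAMPLE))
```

A transcript with no `TLS peer DN` line (STARTTLS never completed) also returns ok as False, so a plaintext session is not mistaken for a verified one.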