From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/68228 Path: news.gmane.org!not-for-mail From: Stephen Berman Newsgroups: gmane.emacs.gnus.general Subject: Re: smtpmail: accept untrusted certificates? Date: Thu, 29 Jan 2009 19:35:57 +0100 Message-ID: <87fxj2c642.fsf@escher.local.home> References: <874ozrqzwk.fsf@escher.local.home> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit X-Trace: ger.gmane.org 1233254247 11009 80.91.229.12 (29 Jan 2009 18:37:27 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 29 Jan 2009 18:37:27 +0000 (UTC) To: ding@gnus.org Original-X-From: ding-owner+M16669@lists.math.uh.edu Thu Jan 29 19:38:40 2009 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from util0.math.uh.edu ([129.7.128.18]) by lo.gmane.org with esmtp (Exim 4.50) id 1LSbma-0001MI-1V for ding-account@gmane.org; Thu, 29 Jan 2009 19:38:32 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by util0.math.uh.edu with smtp (Exim 4.63) (envelope-from ) id 1LSbkJ-0001Mk-S4; Thu, 29 Jan 2009 12:36:11 -0600 Original-Received: from mx1.math.uh.edu ([129.7.128.32]) by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1LSbkI-0001MV-8V for ding@lists.math.uh.edu; Thu, 29 Jan 2009 12:36:10 -0600 Original-Received: from quimby.gnus.org ([80.91.231.51]) by mx1.math.uh.edu with esmtp (Exim 4.69) (envelope-from ) id 1LSbkE-0001TF-B8 for ding@lists.math.uh.edu; Thu, 29 Jan 2009 12:36:10 -0600 Original-Received: from main.gmane.org ([80.91.229.2] helo=ciao.gmane.org) by quimby.gnus.org with esmtp (Exim 3.36 #1 (Debian)) id 1LSbkX-0005Rv-00 for ; Thu, 29 Jan 2009 19:36:25 +0100 Original-Received: from list by ciao.gmane.org with local (Exim 4.43) id 1LSbkD-0003aD-5h for ding@gnus.org; Thu, 29 Jan 2009 18:36:05 +0000 Original-Received: from i59f5677b.versanet.de ([89.245.103.123]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 29 Jan 2009 18:36:05 +0000 Original-Received: from stephen.berman by i59f5677b.versanet.de with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 29 Jan 2009 18:36:05 +0000 X-Injected-Via-Gmane: http://gmane.org/ Original-Lines: 65 Original-X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: i59f5677b.versanet.de User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.60 (gnu/linux) X-Spam-Score: -3.6 (---) List-ID: Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:68228 Archived-At: (My post was mangled; here is the whole thing.) I have been using the following (partly anonymized) to send email from one of my accounts: (defun srb-rub-smtp-send-mail-setup () "" (interactive) (makunbound 'message-send-mail-function) (makunbound 'smtpmail-default-smtp-server) (makunbound 'smtpmail-auth-credentials) (setq message-send-mail-function 'smtpmail-send-it smtpmail-default-smtp-server "mail.rub.de" smtpmail-smtp-service 587 user-mail-address "xyz@rub.de" smtpmail-auth-credentials '(("mail.rub.de" 587 "username" "password")) smtpmail-starttls-credentials '(("mail.rub.de" 587 nil nil)))) Note that no certificate and key files are specified for smtpmail-starttls-credentials. This code has worked fine until recently. Now when I use it no mail is sent and I get the following in *Messages*: Sending via mail... Opening STARTTLS connection to `mail.rub.de:587'...done STARTTLS negotiation failed: 250 8BITMIME STARTTLS 220 ready for tls *** Starting TLS handshake - Ephemeral Diffie-Hellman parameters - Using prime: 1032 bits - Secret key: 1013 bits - Peer's public key: 1024 bits - Certificate type: X.509 - Got a certificate list of 4 certificates. - Certificate[0] info: # The hostname in the certificate does NOT match 'mail.rub.de'. smtpmail-send-command: Process SMTP not running The SMTP session trace is: Process SMTP exited abnormally with code 1 220 mail.ruhr-uni-bochum.de NO UCE C=DE ESMTP EHLO escher.local.home 250-mail.ruhr-uni-bochum.de NO UCE C=DE 250-STARTTLS 250-AUTH LOGIN PLAIN 250-PIPELINING EHLO escher.local.home QUIT When I opened this email account with Kmail (the KDE mail program), it told me the certificate is untrusted, but allowed me to accept it anyway. Is this also possible with smtpmail.el (or I suppose with the program it uses, gnutls-cli), and if so, how? Thanks, Steve Berman