* smtpmail: accept untrusted certificates?
@ 2009-01-22 12:38 Stephen Berman
2009-01-29 18:35 ` Stephen Berman
0 siblings, 1 reply; 4+ messages in thread
From: Stephen Berman @ 2009-01-22 12:38 UTC (permalink / raw)
To: ding
[-- Attachment #1: Type: text/plain, Size: 783 bytes --]
I have been using the following (partly anonymized) to send email from
one of my accounts:
(defun srb-rub-smtp-send-mail-setup ()
""
(interactive)
(makunbound 'message-send-mail-function)
(makunbound 'smtpmail-default-smtp-server)
(makunbound 'smtpmail-auth-credentials)
(setq message-send-mail-function 'smtpmail-send-it
smtpmail-default-smtp-server "mail.rub.de"
smtpmail-smtp-service 587
user-mail-address "xyz@rub.de"
smtpmail-auth-credentials
'(("mail.rub.de" 587 "username" "password"))
smtpmail-starttls-credentials
'(("mail.rub.de" 587 nil nil))))
Note that no certificate and key files are specified for
smtpmail-starttls-credentials. This code has worked fine until
recently. Now when I use it no mail is sent and I get the following in
*Messages*:
[-- Attachment #2: SMTP process output --]
[-- Type: text/plain, Size: 507 bytes --]
Sending via mail...
Opening STARTTLS connection to `mail.rub.de:587'...done
STARTTLS negotiation failed:
250 8BITMIME
STARTTLS
220 ready for tls
*** Starting TLS handshake
- Ephemeral Diffie-Hellman parameters
- Using prime: 1032 bits
- Secret key: 1013 bits
- Peer's public key: 1024 bits
- Certificate type: X.509
- Got a certificate list of 4 certificates.
- Certificate[0] info:
# The hostname in the certificate does NOT match 'mail.rub.de'.
smtpmail-send-command: Process SMTP not running
[-- Attachment #3: Type: text/plain, Size: 29 bytes --]
The SMTP session trace is:
[-- Attachment #4: SMTP session trace --]
[-- Type: text/plain, Size: 237 bytes --]
Process SMTP exited abnormally with code 1
220 mail.ruhr-uni-bochum.de NO UCE C=DE ESMTP
EHLO escher.local.home
250-mail.ruhr-uni-bochum.de NO UCE C=DE
250-STARTTLS
250-AUTH LOGIN PLAIN
250-PIPELINING
EHLO escher.local.home
QUIT
[-- Attachment #5: Type: text/plain, Size: 277 bytes --]
When I opened this email account with Kmail (the KDE mail program), it
told me the certificate is untrusted, but allowed me to accept it
anyway. Is this also possible with smtpmail.el (or I suppose with the
program it uses, gnutls-cli), and if so, how?
Thanks,
Steve Berman
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: smtpmail: accept untrusted certificates?
2009-01-22 12:38 smtpmail: accept untrusted certificates? Stephen Berman
@ 2009-01-29 18:35 ` Stephen Berman
2009-01-29 19:55 ` Ted Zlatanov
0 siblings, 1 reply; 4+ messages in thread
From: Stephen Berman @ 2009-01-29 18:35 UTC (permalink / raw)
To: ding
(My post was mangled; here is the whole thing.)
I have been using the following (partly anonymized) to send email from
one of my accounts:
(defun srb-rub-smtp-send-mail-setup ()
""
(interactive)
(makunbound 'message-send-mail-function)
(makunbound 'smtpmail-default-smtp-server)
(makunbound 'smtpmail-auth-credentials)
(setq message-send-mail-function 'smtpmail-send-it
smtpmail-default-smtp-server "mail.rub.de"
smtpmail-smtp-service 587
user-mail-address "xyz@rub.de"
smtpmail-auth-credentials
'(("mail.rub.de" 587 "username" "password"))
smtpmail-starttls-credentials
'(("mail.rub.de" 587 nil nil))))
Note that no certificate and key files are specified for
smtpmail-starttls-credentials. This code has worked fine until
recently. Now when I use it no mail is sent and I get the following in
*Messages*:
Sending via mail...
Opening STARTTLS connection to `mail.rub.de:587'...done
STARTTLS negotiation failed:
250 8BITMIME
STARTTLS
220 ready for tls
*** Starting TLS handshake
- Ephemeral Diffie-Hellman parameters
- Using prime: 1032 bits
- Secret key: 1013 bits
- Peer's public key: 1024 bits
- Certificate type: X.509
- Got a certificate list of 4 certificates.
- Certificate[0] info:
# The hostname in the certificate does NOT match 'mail.rub.de'.
smtpmail-send-command: Process SMTP not running
The SMTP session trace is:
Process SMTP exited abnormally with code 1
220 mail.ruhr-uni-bochum.de NO UCE C=DE ESMTP
EHLO escher.local.home
250-mail.ruhr-uni-bochum.de NO UCE C=DE
250-STARTTLS
250-AUTH LOGIN PLAIN
250-PIPELINING
EHLO escher.local.home
QUIT
When I opened this email account with Kmail (the KDE mail program), it
told me the certificate is untrusted, but allowed me to accept it
anyway. Is this also possible with smtpmail.el (or I suppose with the
program it uses, gnutls-cli), and if so, how?
Thanks,
Steve Berman
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: smtpmail: accept untrusted certificates?
2009-01-29 18:35 ` Stephen Berman
@ 2009-01-29 19:55 ` Ted Zlatanov
2009-02-03 15:19 ` Stephen Berman
0 siblings, 1 reply; 4+ messages in thread
From: Ted Zlatanov @ 2009-01-29 19:55 UTC (permalink / raw)
To: ding
On Thu, 29 Jan 2009 19:35:57 +0100 Stephen Berman <stephen.berman@gmx.net> wrote:
SB> When I opened this email account with Kmail (the KDE mail program), it
SB> told me the certificate is untrusted, but allowed me to accept it
SB> anyway. Is this also possible with smtpmail.el (or I suppose with the
SB> program it uses, gnutls-cli), and if so, how?
% gnutls-cli -h
GNU TLS test client
Usage: gnutls-cli [options] hostname
...
--insecure Don't abort program if server
certificate can't be validated.
...
To do it as an customization, do
M-x customize-variable starttls-extra-arguments
and just add "--insecure".
Ted
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: smtpmail: accept untrusted certificates?
2009-01-29 19:55 ` Ted Zlatanov
@ 2009-02-03 15:19 ` Stephen Berman
0 siblings, 0 replies; 4+ messages in thread
From: Stephen Berman @ 2009-02-03 15:19 UTC (permalink / raw)
To: ding
On Thu, 29 Jan 2009 13:55:49 -0600 Ted Zlatanov <tzz@lifelogs.com> wrote:
> On Thu, 29 Jan 2009 19:35:57 +0100 Stephen Berman <stephen.berman@gmx.net> wrote:
>
> SB> When I opened this email account with Kmail (the KDE mail program), it
> SB> told me the certificate is untrusted, but allowed me to accept it
> SB> anyway. Is this also possible with smtpmail.el (or I suppose with the
> SB> program it uses, gnutls-cli), and if so, how?
>
> % gnutls-cli -h
> GNU TLS test client
> Usage: gnutls-cli [options] hostname
>
> ...
> --insecure Don't abort program if server
> certificate can't be validated.
> ...
>
> To do it as an customization, do
>
> M-x customize-variable starttls-extra-arguments
>
> and just add "--insecure".
>
> Ted
Thanks! (I had read the gnutls-cli man page but it does not mention
--insecure :-( I didn't think to look at the command line help.)
--
Steve Berman
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2009-02-03 15:19 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-01-22 12:38 smtpmail: accept untrusted certificates? Stephen Berman
2009-01-29 18:35 ` Stephen Berman
2009-01-29 19:55 ` Ted Zlatanov
2009-02-03 15:19 ` Stephen Berman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).