Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

Mon, 13 Feb 2017 11:40:53 -0800 

On 13/02/17 18:50, Gert Doering wrote:
> Hi,
> 
> On Mon, Feb 13, 2017 at 06:46:11PM +0100, Olivier W wrote:
[...snip...]
>> Now I'm fighting with git which doesn't want to use gmail's smtp
>> server to send the email. My .gitconfigure file is similar to:
>> https://git-scm.com/docs/git-send-email#_example and I've added
>> "smtpsslcertpath = /etc/ssl/cert.pem" but I'm getting this error:
>> "STARTTLS failed!  at /usr/local/libexec/git-core/git-send-email line
>> 1371."
>> I'm currently searching for a solution.

smtpsslcertpath needs to point at a CA certificate which issued the SMTP
server certificate.  You can easily verify that things are correct by
grabbing the server certificate using openssl:

    $ openssl s_client -connect $SMTP_SERVER:$PORT -starttls smtp

Copy the certificate blob printed to stdout to a file.  Then take your
CA certificate (including full chain in a single file, where the root CA
certificate is the last one in file) and run this command:

    $ openssl verify -CAfile $CA_CERT_CHAIN $SERVER_CERT

The output should display the file of the server certificate and ": OK".

> That's a not exactly helpful error message... :( - I tend to just turn
> off SSL on stuff that goes to public mailing lists anyway if it causes
> issues...

OpenSSL errors requires quite some efforts to get used to.  And in
addition the git-send-email errors on top doesn't always make life easier.

>> BTW: sorry about the previous email: "[SPAM] [PATCH] Fix building with
>> LibreSSL 2.5.1 by cleaning a hack." :-/ I'm trying to not post anymore
>> buggy email here.

No worries!  As long as you don't spam us completely with non-sense, we
can handle a few misfires ;-)

> I've created my share of weird git e-mails in the past :-) - so what I've
> started to do is "send the mail to myself" (if possible, on a different
> account) and then verify if the result is what I want to see...

That's a good advice :)

-- 
kind regards,

David Sommerseth
OpenVPN Technologies, Inc

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to