Sunday, January 14, 2018

Make 'bts' (devscripts) accept TLS connection to mail server with self-signed certificate

My mail server runs with a self-signed certificate. So bts, configured like this ...

BTS_SMTP_HOST=mail.wgdd.de:587
BTS_SMTP_AUTH_USERNAME='user'
BTS_SMTP_AUTH_PASSWORD='pass'

...lately refused to send mails with this error:

bts: failed to open SMTP connection to mail.wgdd.de:587
(SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed)

After searching a bit, I found a way to fix this locally without turning off the server certificate verification. The fix belongs in the send_mail() function. When calling the Net::SMTPS->new() constructor, it is possible to add the fingerprint of my self-signed certificate like this (the SSL_fingerprint line):

if (have_smtps) {
    $smtp = Net::SMTPS->new($host, Port => $port,
        Hello => $smtphelo, doSSL => 'starttls',
        SSL_fingerprint => 'sha1$hex-fingerprint')
        or die "$progname: failed to open SMTP connection to $smtphost\n($@)\n";
} else {
    $smtp = Net::SMTP->new($host, Port => $port, Hello => $smtphelo)
        or die "$progname: failed to open SMTP connection to $smtphost\n($@)\n";
}
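
Added example (not from the original post or from devscripts): a small Python helper that derives the 'algo$hex' string taken by IO::Socket::SSL's SSL_fingerprint option from the server's certificate file, using SHA-256 rather than SHA-1. It assumes the PEM file was copied from the mail server over a trusted channel; the function names and the sample PEM are constructed for illustration.

```python
import base64, hashlib, hmac, re, sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed sample: placeholder bytes in a PEM wrapper, NOT a real certificate.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
Y29uc3RydWN0ZWQgc2FtcGxlIGJ5dGVz
-----END CERTIFICATE-----
"""

def pem_to_der(pem_text):
    """DER bytes of the first certificate in the PEM text (the leaf in a chain file)."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def ssl_fingerprint(der, algo="sha256"):
    """Pin string 'algo$hex': the digest is taken over the whole DER certificate."""
    return f"{algo}${hashlib.new(algo, der).hexdigest()}"

def normalize(pin):
    """Lower-case the pin and drop colons so 'AB:CD:...' style output compares equal."""
    algo, sep, hexfp = pin.partition("$")
    if not sep or not hexfp:
        raise ValueError("expected 'algo$hex-fingerprint'")
    return f"{algo.lower()}${hexfp.replace(':', '').lower()}"

def matches(der, pin):
    """True if the certificate hashes to the pinned value (constant-time compare)."""
    wanted = normalize(pin)
    algo = wanted.partition("$")[0]
    return hmac.compare_digest(ssl_fingerprint(der, algo), wanted)

if __name__ == "__main__":
    # Usage: python3 pin.py server-cert.pem   (falls back to the constructed sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PEM
    print(ssl_fingerprint(pem_to_der(text)))
```

The printed value goes into the SSL_fingerprint argument in place of 'sha1$hex-fingerprint'. The pin has to be updated whenever the server certificate is replaced.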

Pretty happy to be able to use the bts command again.

5 comments:

  1. I solved the same issue by just making my MTA use Let’s Encrypt, and that’s something I recommend you do too ;)
