Sunday, January 14, 2018

Make 'bts' (devscripts) accept TLS connection to mail server with self signed certificate

My mail server runs with a self signed certificate. So bts, configured like this ...

BTS_SMTP_HOST=mail.wgdd.de:587
BTS_SMTP_AUTH_USERNAME='user'
BTS_SMTP_AUTH_PASSWORD='pass'

...lately refused to send mails with this error:

bts: failed to open SMTP connection to mail.wgdd.de:587
(SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed)

After searching a bit, I found a way to fix this locally without turning off the server certificate verification. The fix belongs into the send_mail() function. When calling the Net::SMTPS->new() constructor, it is possible to add the fingerprint of my self signed certificate like this (bold):

if (have_smtps) {
    $smtp = Net::SMTPS->new($host, Port => $port,
        Hello => $smtphelo, doSSL => 'starttls',
        SSL_fingerprint => 'sha1$hex-fingerprint')
        or die "$progname: failed to open SMTP connection to $smtphost\n($@)\n";
} else {
    $smtp = Net::SMTP->new($host, Port => $port, Hello => $smtphelo)
        or die "$progname: failed to open SMTP connection to $smtphost\n($@)\n";
}

Pretty happy to being able to use the bts command again.

Posted by at
Labels: , , , , ,

9 comments:

  1. Andrej ShaduraJanuary 14, 2018 at 1:34 PM

    I solved the same issue by just making my MTA use Let’s Encrypt, and that’s something I recommend you do too ;)

    ReplyDelete
  2. Mueeid KhanMarch 22, 2019 at 6:06 PM

    The Dedicated Hosting is a type of website hosting mostly preferred by the large web sites or sites having huge amount of traffic and needs reliability and high-performance. minecraft server hosting

    ReplyDelete
  3. yanmaneeeJune 19, 2019 at 3:02 PM

    jordan shoes
    gucci belts
    air max
    chrome hearts outlet
    yeezy
    moncler
    ferragamo belt
    balenciaga shoes
    off white nike
    hermes belts

    ReplyDelete
  4. JohnFebruary 5, 2020 at 12:01 PM

    a

    ReplyDelete
  5. Fiona DukeFebruary 6, 2020 at 7:09 AM

    Honest enjoy to the people folks; they arrived by way of on the part of me. Obtained aggravated by my normal distributor, I have even previously bought a variety of times from Deutsche Medz nevertheless got it less expensive from various other people. Less costly isn't perpetually increased, unquestionably protrusive with you from at the moment on. Excellent from start to accomplish!

    ReplyDelete
  6. Kevin HorganMarch 31, 2020 at 11:36 AM

    Probably the most significant aspects to clans is game servers. They have nearly grown to be a requirement for clans undertake a game server to be successful and famous in market. Industry itself is tremendously saturated with miniature and substantial companies looking to usher in your business. So what is best for any clan? best ark survival server hosting

    ReplyDelete
  7. networkengineerDecember 22, 2020 at 9:30 AM

    tlab.vialink.com.br

    ReplyDelete
  8. networkengineerDecember 22, 2020 at 9:31 AM

    I am a Staff Author at FieldEngineer.com a Marketplace for On-Demand telecom workforce, extending from field engineers to high-level network engineers, project managers and Network Architects in 146 nation

    Soa security

    ReplyDelete
  9. UnknownJanuary 8, 2021 at 6:01 AM

    AEM Service packs like the Adobe Experience Manager bundle come with pre-configured security and database configurations, so that you do not need to deploy any additional atypical digital applications. These bundles also come with application up-sell and application uninstall features that help your employees manage existing installations more efficiently.

    ReplyDelete

Subscribe to: Post Comments (Atom)