 |
|
Item14205: Autoconfig Email failing with recent versions of IO::Socket::SSL.
Priority: Urgent
Current State: Closed
Released In: 2.1.3
Target Release: patch
Current State: Closed
Released In: 2.1.3
Target Release: patch
Testing STARTTLS with NO host verification on smtp port (25) Net::SMTP>>> SSL peer verification: off Net::SMTP>>> Provide Client Certificate: off Net::SMTP<<< Connected with 192.168.1.8:25 using no encryption Net::SMTP<<< 220 myserver ESMTP Postfix Net::SMTP>>> EHLO myhost Net::SMTP<<< 250-myserver Net::SMTP<<< 250-PIPELINING Net::SMTP<<< 250-SIZE 24480000 Net::SMTP<<< 250-ETRN Net::SMTP<<< 250-STARTTLS Net::SMTP<<< 250-AUTH PLAIN xxxxxxxxxxxxxxxx Net::SMTP<<< 250-AUTH=PLAIN LOGIN Net::SMTP<<< 250-ENHANCEDSTATUSCODES Net::SMTP<<< 250-8BITMIME Net::SMTP<<< 250 DSN Net::SMTP>>> STARTTLS Net::SMTP<<< 220 2.0.0 Ready to start TLS DEBUG: .../IO/Socket/SSL.pm:1460: start handshake DEBUG: .../IO/Socket/SSL.pm:649: ssl handshake not started DEBUG: .../IO/Socket/SSL.pm:682: using SNI with hostname 192.168.1.8 DEBUG: .../IO/Socket/SSL.pm:717: request OCSP stapling DEBUG: .../IO/Socket/SSL.pm:738: set socket to non-blocking to enforce timeout=30 DEBUG: .../IO/Socket/SSL.pm:764: ssl handshake in progress DEBUG: .../IO/Socket/SSL.pm:774: waiting for fd to become ready: SSL wants a read first DEBUG: .../IO/Socket/SSL.pm:794: socket ready, retrying connect DEBUG: .../IO/Socket/SSL.pm:2615: local error: hostname verification failed DEBUG: .../IO/Socket/SSL.pm:757: SSL connect attempt failed DEBUG: .../IO/Socket/SSL.pm:757: ignoring less severe local error 'SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed', keep 'hostname verification failed' DEBUG: .../IO/Socket/SSL.pm:760: fatal SSL error: hostname verification failed Although all connections were successful, the service is not speaking SMTP. The most likely causes are that the server uses a non-standard port for SMTP, or your configuration erroneously specifies a non-SMTP port. Check your configuration; then check with your server support.-- GeorgeClark - 02 Nov 2016 VadimBelman found the issue. It appears that in addition to setting
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), you also have to set verify_hostname => 0 in the socket options. This also applies to Net.pm.
Also discovered while testing, that it was not possible to run the wizard from the tools/configure and get any output. For some reason the capture of STDERR is not being released. - Changed AutoconfigureEmail.pm to bypass capture for CLI and undefined engine. No real need to capture STDERR anyway, just let it go to the console.
- Changed tools/configure to use STDOUT instead of STDERR. The output from the configure tool is not error output.
- The capture code for some reason doesn't release the capture. Resolved it by implementing the MuteExec code written by VadimBelman in his branch.
- In recent versions of IO::Socket::SSL, it seems to always attempt validation, even when configured to not validate. No solution to that yet, but there were two issues contributing to the validation failures:
- The Host IP was used instead of hostname in the test. IP addresses won't pass certificate hostname validation.
- There was no code to guess the SSL CA certificate bundle or path. (Resolved by invoking the SSLCertificates Wizard to guess the paths when necessary.)
- The code was resetting the captured debug log for each try, so it was impossible to see why earlier attempts failed.
ItemTemplate edit
Edit | Attach | Print version | History: r23 < r22 < r21 < r20 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r23 - 18 Feb 2017, GeorgeClark
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. 
Legal Imprint Privacy Policy
Legal Imprint Privacy Policy