I normally ignore "buy youself a new one, like mine" advice.
Besides, I can't believe that current gmail won't work on a 2009 OS.
So I tried to follow the stunnel route, but found: --
*** TLS not available: requires Net::SSLeay. Exiting
# locate SSLeay == ..some manS
# which SSLeay == none
So back to this route, which seemed too complex previously:---
From: Ivan Shmakov <
onei...@gmail.com>
Newsgroups: comp.mail.misc,
comp.internet.services.google,comp.os.linux.networking
Subject: Re: What linux clients do gmail:smtp TLS/SSL
Date: Fri, 08 Feb 2013 09:48:58 +0000
...
FWIW, I use Gnus/Emacs on my GNU/Linux system for both Usenet
and email, including sending via Google Mail's :587 (RFC 6409.)
...
===== start Ivan's good example log ===
Consider, for instance, the following example session:
$ gnutls-cli --starttls --port=submission --
smtp.gmail.com
|<1>| Note that the security level of the Diffie-Hellman key exchange has been lowered to 512 bits and this may allow decryption of the session data
Processed 152 CA certificate(s).
Resolving '
smtp.gmail.com'...
Connecting to '2a00:1450:4010:c04::6d:587'...
- Simple Client Mode:
220
mx.google.com ESMTP pz15sm16403877lab.3 - gsmtp
EHLO
MX.EXAMPLE.NET <-C: EHLO
crg...@gmail.com
250-mx.google.com at your service, [2XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250 ENHANCEDSTATUSCODES
STARTTLS <-C
220 2.0.0 Ready to start TLS
[There, one sends EOF (C-d) for gnutls-cli(1) to start TLS.] <--* !
*** Starting TLS handshake
- Peer's certificate is trusted
- The hostname in the certificate matches '
smtp.gmail.com'.
- Session ID: 28:0B:94:74:7F:4A:5D:B7:72:DA:C6:EA:50:63:B8:6B:B9:C7:F7:02:61:60:8B:0E:81:63:45:CE:24:31:9C:30
....
===== end Ivan's good example log === My best log looks similar:-
# gnutls-cli --starttls --port 587
smtp.gmail.com
Resolving '
smtp.gmail.com'...
Connecting to '173.194.67.108:587'...
- Simple Client Mode:
220
mx.google.com ESMTP fg6sm17705779wib.10 - gsmtp
EHLO
gmail.com
250-mx.google.com at your service, [41.174.10.205]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250 ENHANCEDSTATUSCODES
STARTTLS
220 2.0.0 Ready to start TLS
*** Starting TLS handshake
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
# The hostname in the certificate matches '
smtp.gmail.com'.
# valid since: Wed Sep 12 13:57:50 SAST 2012
# expires at: Fri Jun 7 21:43:27 SAST 2013
# fingerprint: 96:AC:76:52:9F:17:E4:1D:28:07:80:3A:8E:00:A8:41
# Subject's DN: C=US,ST=California,L=Mountain View,O=Google Inc,CN=
smtp.gmail.com
# Issuer's DN: C=US,O=Google Inc,CN=Google Internet Authority
- Certificate[1] info:
# valid since: Mon Jun 8 22:43:27 SAST 2009
# expires at: Fri Jun 7 21:43:27 SAST 2013
# fingerprint: 33:A0:EA:98:0E:3D:6E:26:1D:77:2D:82:DF:66:00:7D
# Subject's DN: C=US,O=Google Inc,CN=Google Internet Authority
# Issuer's DN: C=US,O=Equifax,OU=Equifax Secure Certificate Authority
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.1
- Key Exchange: RSA
- Cipher: ARCFOUR-128
- MAC: SHA1
- Compression: NULL
^C
============ > EXIT
OMG what IS this all about CertificateS ?!