sslerror hostname was not match with the server certificate

195 views
Skip to first unread message

ffa

unread,
May 20, 2012, 6:20:07 PM5/20/12
to fat-free-...@googlegroups.com
I keep getting the below error every time an email is sent. After some research, I found that the error is from not being able to set the ca_file or ca_path attribute for OpenSSL::SSL::SSLContext through the mail plugin (gem) which is used by action mailer. My proofs are in "mail-2.4.4/lib/mail/network/delivery_methods/smtp.rb" at line 122 and at https://github.com/mikel/mail/issues/345. So, I created a monkey patch, "config/initializers/mail.rb", to set a default ca_file or ca_path. Does anyone have a better solution keeping security in mind? Is this actually the problem? Did I make any mistakes in my patch?


Monkey patch
file name: "config/initializers/mail.rb"

Net::SMTP.class_eval do
  def SMTP.default_ssl_context
    context = OpenSSL::SSL::SSLContext.new
    context.ca_file = '/path/to/ca-file'
    context
  end
end



Error

OpenSSL::SSL::SSLError (hostname was not match with the server certificate):
  app/models/polymorphic/comment.rb:63:in `block in notify_subscribers'
  app/models/polymorphic/comment.rb:59:in `eacch'
  app/models/polymorphic/comment.rb:59:in `notify_subscribers'
  app/controllers/comments_controller.rb:88:in `create'


  Rendered vendor/bundle/ruby/1.9.1/gems/actionpack-3.2.3/lib/action_dispatch/middleware/templates/rescues/_trace.erb (6.0ms)
  Rendered vendor/bundle/ruby/1.9.1/gems/actionpack-3.2.3/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb (1.8ms)
  Rendered vendor/bundle/ruby/1.9.1/gems/actionpack-3.2.3/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb within rescues/layout (20.1ms)

Nathan Broadbent

unread,
May 21, 2012, 5:10:12 AM5/21/12
to fat-free-...@googlegroups.com
Hi there,

Your monkey patch seems like a good solution to me. I can't see a better way than overriding default_ssl_context for Net::SMTP, and your patch looks fine.
I would be happy to bring this monkey patch into core FFCRM, and let you define :ca_path or :ca_file in settings.yml. I'll post your details on the github issue for the mail gem first, and see if it gets any attention.


Thanks
Nathan




--
You received this message because you are subscribed to the Google Groups "Fat Free CRM Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/fat-free-crm-users/-/tQqhCEJQ_AsJ.
To post to this group, send email to fat-free-...@googlegroups.com.
To unsubscribe from this group, send email to fat-free-crm-us...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/fat-free-crm-users?hl=en.

Nathan Broadbent

unread,
May 21, 2012, 5:56:51 AM5/21/12
to fat-free-...@googlegroups.com
Have sent a pull request to the mail gem. If accepted, you should be able to configure your SSL context by adding the :ca_file key to the :smtp hash in settings.yml. Will need to wait for mail 2.4.5 to be released, so you will need to keep using your monkey patch for now. 


Thanks
Nathan

ffa

unread,
May 22, 2012, 1:08:46 AM5/22/12
to fat-free-...@googlegroups.com, natha...@gmail.com
awesome, thank you for submitting a pull request to solve the problem and for your help.
Nathan


To post to this group, send email to fat-free-crm-users@googlegroups.com.
To unsubscribe from this group, send email to fat-free-crm-users+unsub...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages