smtp x509: certificate has expired or is not yet valid

1,711 views
Skip to first unread message

victorcoder

unread,
Mar 15, 2012, 9:43:17 AM3/15/12
to golan...@googlegroups.com
This is what I'm trying to do:

// Set up authentication information.
        auth := smtp.PlainAuth(
                "",
                "test",
                "test",
                "smtp.season.es",
        )
        // Connect to the server, authenticate, set the sender and recipient,
        // and send the email all in one step.        
        err := smtp.SendMail(
                "smtp.season.es:25",
                auth,
                "sysadmin[at]season.es",
                []string{"sysadmin[at]season.es"},
                []byte("This is the email body."),
        )
        if err != nil {
                log.Fatal(err)
        }

You can test it with sample against my smtp server, and you'll see the error.

Username and password are ok but failing here too with "test" user/pass.

Am I doing something wrong or it's a bug?

Mikkel Krautz

unread,
Mar 15, 2012, 10:59:28 AM3/15/12
to victorcoder, golan...@googlegroups.com

Hi,

You're using the SendMail function. That function tries to use TLS if
the server advertises it. In this case, the server does advertise it,
but the certificate is self-signed and expired.

A workaround would be to copy the SendMail code into your own program
and skip the StartTLS call.

Mikkel

victorcoder

unread,
Mar 15, 2012, 12:15:26 PM3/15/12
to golan...@googlegroups.com, victorcoder

Hi,

You're using the SendMail function. That function tries to use TLS if
the server advertises it. In this case, the server does advertise it,
but the certificate is self-signed and expired.

A workaround would be to copy the SendMail code into your own program
and skip the StartTLS call.

Mikkel


Thanks Mikkel,

I wonder why not just encrypt the communication between parties ignoring if it's an expired certificate, that would be better that no communication at all, or better give the option to force skip TLS in SendMail call.
 

Evan Shaw

unread,
Mar 15, 2012, 3:04:13 PM3/15/12
to victorcoder, golan...@googlegroups.com
On Fri, Mar 16, 2012 at 5:15 AM, victorcoder <victo...@gmail.com> wrote:
> I wonder why not just encrypt the communication between parties ignoring if
> it's an expired certificate, that would be better that no communication at
> all, or better give the option to force skip TLS in SendMail call.

Some would disagree that ignoring an expired certificate is better.

SendMail is intended to be an easy way to send email with sensible
default behavior. Hopefully it covers most cases, but for those it
doesn't, the other functions in net/smtp are available.

- Evan

Reply all
Reply to author
Forward
0 new messages