Bug#549461: redmine: hostname was not match with the server certificate
Jan Wagner
Version: 0.9.0~svn2902-1
Severity: important
Hi Jérémy,
just a second bug as reminder. :)
When trying to send a testmail (e.g. notifications) I get the following:
An error occurred while sending mail (hostname was not match with the server
certificate)
Modifying /usr/share/rails/actionmailer/lib/action_mailer/base.rb like
described in [1] is working, but the file is part of the rails package:
--- /usr/share/rails/actionmailer/lib/action_mailer/base.rb.orig 2009-10-03
16:30:31.000000000 +0200
+++ /usr/share/rails/actionmailer/lib/action_mailer/base.rb 2009-10-03
16:30:22.000000000 +0200
@@ -678,7 +678,7 @@
sender = mail['return-path'] || mail.from
smtp = Net::SMTP.new(smtp_settings[:address], smtp_settings[:port])
- smtp.enable_starttls_auto if smtp.respond_to?(:enable_starttls_auto)
+ smtp.enable_starttls_auto if smtp_settings[:enable_starttls_auto] &&
smtp.respond_to?(:enable_starttls_auto)
smtp.start(smtp_settings[:domain], smtp_settings[:user_name],
smtp_settings[:password],
smtp_settings[:authentication]) do |smtp|
smtp.sendmail(mail.encoded, sender, destinations)
# grep -v ^# /etc/redmine/default/email.yml |grep -v ^$
production:
delivery_method: :smtp
smtp_settings:
enable_starttls_auto: false
address: localhost
port: 25
domain: cyconet.org
authentication: :none
So I don't want to touch the action_mailer/base.rb, since it would be
overwritten with the next package update of rails. Anyways ... the rails
package is 2.2.3-1~bpo50+1.
With kind regards, Jan.
[1] http://www.redmine.org/boards/2/topics/6446
--
Never write mail to <wa...@spamfalle.info>, you have been warned!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT d-- s+: a- C+++ UL++++ P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE
Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++
------END GEEK CODE BLOCK------
Jérémy Lal
I just tested it, with your email.yml,
and it worked for me.
Maybe your localhost mail server has some config problem ?
Please try to give me more info on this.
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Jan Wagner
> > [1] http://www.redmine.org/boards/2/topics/6446
>
> I just tested it, with your email.yml,
> and it worked for me.
> Maybe your localhost mail server has some config problem ?
> Please try to give me more info on this.
The follwoing worked fine, even if my Subject is a bit broken. :)
moria:~# mail -s mail from localhost -c je...@edagames.com
549...@bugs.debian.org
Oct 3 18:50:37 moria postfix/qmgr[6724]: 1945F1201B8:
from=<ro...@moria.cyconet.org>, size=527, nrcpt=4 (queue active)
Oct 3 18:50:38 moria postfix/local[1232]: 1945F1201B8:
to=<fr...@moria.cyconet.org>, orig_to=<from>, relay=local, delay=1.4,
delays=0.56/0.65/0/0.18, dsn=5.1.1, status=bounced (unknown user: "from")
Oct 3 18:50:39 moria postfix/smtp[1230]: 1945F1201B8:
to=<je...@edagames.com>, relay=aspmx.l.google.com[209.85.219.22]:25,
delay=2.6, delays=0.56/0.47/1.1/0.47, dsn=2.0.0, status=sent (250 2.0.0 OK
1254588639 26si5195780ewy.83)
Oct 3 18:50:39 moria postfix/local[1229]: 1945F1201B8:
to=<loca...@moria.cyconet.org>, orig_to=<localhost>, relay=local, delay=2.6,
delays=0.56/0.65/0/1.4, dsn=5.1.1, status=bounced (unknown user: "localhost")
Oct 3 18:50:40 moria postfix/smtp[1231]: 1945F1201B8:
to=<549...@bugs.debian.org>, relay=rietz.debian.org[140.211.166.43]:25,
delay=3.9, delays=0.56/0.47/1.8/1.1, dsn=2.0.0, status=sent (250 OK
id=1Mu7oe-0001p6-AY)
Anyways, with not running a mailserver on port 25, gives: An error occurred
while sending mail (Connection refused - connect(2)) and it even fails on a
stock postfix setup with the certificate error.
With kind regards, Jan.
Jérémy Lal
A couple of things that would explain i can't reproduce :
- i'm on debian/sid, so maybe there's some problem with the backports;
please tell me your ruby, rake, liberb-ruby versions
- your mail server is proposing starttls, but has a bad certificate.
Please try when starttls is disabled in your mail server, or with an
updated certificate (one with hostname matching it)
Jan Wagner
> A couple of things that would explain i can't reproduce :
> - i'm on debian/sid, so maybe there's some problem with the backports;
> please tell me your ruby, rake, liberb-ruby versions
on sid:
sid:/usr/share/redmine# dpkg -l | grep rails
ii rails 2.2.3-1 MVC ruby based framework geared for web appl
sid:/usr/share/redmine# dpkg -l | grep liberb-ruby
ii liberb-ruby 4.2 transitional dummy package
sid:/usr/share/redmine# dpkg -l | grep libruby
ii libruby 4.2 Libraries necessary to run Ruby 1.8.x
ii libruby1.8 1.8.7.174-2 Libraries necessary to run Ruby 1.8
ii libruby1.8-extras 0.5 a bundle of additional libraries for Ruby 1.
sid:/usr/share/redmine# dpkg -l | grep " ruby1\."
ii ruby1.8 1.8.7.174-2 Interpreter of object-oriented scripting lan
> - your mail server is proposing starttls, but has a bad certificate.
> Please try when starttls is disabled in your mail server, or with an
> updated certificate (one with hostname matching it)
You reproduce it with:
sid:/usr/share/redmine# aptitude install postfix
[...]
sid:~# make-ssl-cert generate-default-snakeoil --force-overwrite
sid:/usr/share/redmine# hostname -f
sid.server.earth.cyconet.org
sid:/usr/share/redmine# openssl x509 -in /etc/ssl/certs/ssl-cert-snakeoil.pem
-noout -text|grep CN=
Issuer: CN=sid.server.earth.cyconet.org
Subject: CN=sid.server.earth.cyconet.org
sid:~# /etc/init.d/postfix restart
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
sid:/usr/share/redmine# grep -v ^# /etc/redmine/default/email.yml
production:
delivery_method: :smtp
smtp_settings:
enable_starttls_auto: false
address: localhost
port: 25
domain: cyconet.org
authentication: :none
sid:/usr/share/redmine# sudo -u www-data X_DEBIAN_SITEID="default" ruby
script/server webrick -e production
=> Booting WEBrick...
=> Rails 2.2.3 application started on http://192.168.66.111:3000
=> Ctrl-C to shutdown server; call with --help for options
[2009-10-04 11:30:20] INFO WEBrick 1.3.1
[2009-10-04 11:30:20] INFO ruby 1.8.7 (2009-06-12) [i486-linux]
[2009-10-04 11:30:20] INFO WEBrick::HTTPServer#start: pid=10233 port=3000
http://192.168.66.111:3000/settings/edit?tab=notifications <= hit "Send a test
email"
192.168.66.115 - - [04/Oct/2009:11:30:29 CEST] "GET /admin/test_email
HTTP/1.1" 302 124
http://192.168.66.111:3000/settings/edit?tab=notifications ->
/admin/test_email
192.168.66.115 - - [04/Oct/2009:11:30:29 CEST] "GET
/settings/edit?tab=notifications HTTP/1.1" 200 27334
http://192.168.66.111:3000/settings/edit?tab=notifications ->
/settings/edit?tab=notifications
Anyways ... main.cf and master.cf is attached.
> - your mail server is proposing starttls, but has a bad certificate.
> Please try when starttls is disabled in your mail server, or with an
> updated certificate (one with hostname matching it)
With setting "enable_starttls_auto: false" I would expect to not use starttls.
If that isn't the case, is there any other way to switch tls off, not matter
if the server supports it or not?
Jérémy Lal
https://rails.lighthouseapp.com/projects/8994/tickets/1731
that shows it's a rails 2.2 bug that has been fixed in rails 2.3,
i'm not comfortable with fixing it in redmine.
Could you open it on the rails package ?
Jérémy.
Adam Majer
> please stop enabling automatically STARTTLS, it breaks some applications ...
> for example redmine.
>
> please have a look into the attached patch.
>
> Thanks and with kind regards, Jan.
Just wandering, has this patch been forwarded upstream to rails?
- Adam
Jan Wagner
> Just wandering, has this patch been forwarded upstream to rails?
Looking into
http://github.com/rails/rails/commit/c2e7851fb20d24f49b55b5276cc3056082721dc4
seems so.
With kind regards, Jan.