Re: Email certificate?

whostheJBoss

Jan 2, 2010, 12:21:25 AM
to Railo
I am trying to send mail through an SMTP that is requiring a
certificate of some sort. This is the error I'm getting:

"ERROR","web-0","01/01/2010","21:16","mail spooler","Can't send
command to SMTP host;
nested exception is:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target"

The certificate on the server is self-signed.

I'm not exactly sure how I'm supposed to get around this... any
ideas? :)

whostheJBoss

Jan 2, 2010, 12:26:42 AM
to Railo
Oh, and I am also getting:

"ERROR","web-0","01/01/2010","21:25","mail spooler","Exception reading
response;
nested exception is:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
connection?"


When I added useSSL="true" to my cfmail tag.

James Holmes

Jan 2, 2010, 12:35:36 AM
to ra...@googlegroups.com
You need to add the certificate's CA (and any intermediate certs)
to the CF keystore e.g.:

http://www.coldfusionmuse.com/index.cfm/2005/1/29/keystore

mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/

whostheJBoss

Jan 2, 2010, 1:14:07 AM
to Railo
I keep getting:

"Usage error, files is not a legal command"

(that's the exact error)

Perhaps I'm not doing something right...

If my cert is:

c:\mycert.cert

What command do I run?

I've tried:

keytool -import -trustcacerts -file c:\mycert.cert

And about a million incarnations of that, but keep getting errors.
This isn't territory I'm familiar with...

Thanks!

James Holmes

Jan 2, 2010, 6:25:35 AM
to ra...@googlegroups.com
The whole command line from the article is relevant:

C:\CFusionMX\runtime\jre\lib>keytool -import -keystore c:\CFusionMx\runtime\jre\lib\security\cacerts -alias instantssl -storepass changeit -noprompt -trustcacerts -file c:\mycert.cert

Make sure the certificate is in the right format.

You might also have luck with this GUI utility:

http://www.alphaworks.ibm.com/tech/keyman

It's a bit easier to use and it may help in working out where the problem is.

mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/

whostheJBoss

Jan 2, 2010, 10:11:33 PM
to Railo
From the error messages, I had the suspicion that the space in
"program files" in the keystore path was causing a problem, since the
message said "files is not a legal command".

Unable to change my Java install location, I copied cacerts from the
lib/security folder to c:\keystore\cacerts

I then modified the command to:

keytool -import -keystore c:\keystore\cacerts -alias instantssl -storepass changeit -noprompt -trustcacerts -file c:\mail.mydomain.com.cert

And received:

"Certificate was added to keystore"

I then copied the cacerts file back to lib/security

At this point I tried to send mail again and got the new error:

"ERROR","web-0","01/02/2010","16:52","mail spooler","Exception reading
response;
nested exception is:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target"


The cert was created according to this page:

http://articles.slicehost.com/2009/9/29/centos-postfix-secure-connection-creating-the-ssl-certificate

Am I trying to add the wrong key? I'm still a little lost here, and
every solution I find sends me down a different path.

Thanks for all your help!

MrBuzzy

Jan 2, 2010, 10:41:39 PM
to ra...@googlegroups.com
Howdy "Certificate was added to keystore" sounds hopeful :)
Instead of moving files about, I would check that when you run 'keytool', it's running from the JVM used by Railo.

Something like;
c:\railo\jdk\bin>keytool -import -keystore c:\railo\jdk\lib\security\cacerts -alias instantssl -storepass changeit -noprompt -trustcacerts -file c:\mycert.cert

This might be helpful too; http://blogs.sun.com/andreas/entry/no_more_unable_to_find

You could compile the 'InstallCert' program and something I noticed that might be worth exploring (from the blog article): "or copy it into your $JAVA_HOME/jre/lib/security directory..."

whostheJBoss

Jan 3, 2010, 12:03:35 AM
to Railo
Ok, so I switched into c:\program files (x86)\Java\jre6\bin\ and ran:

keytool -import -keystore c:\keystore\cacerts -alias instantssl -storepass changeit -noprompt -trustcacerts -file c:\mail.mydomain.com.cert

Result:

"Certificate not imported, alias <instantssl> already exists"

So, any thoughts on that? Apparently it's already there...

James Holmes

Jan 3, 2010, 12:10:05 AM
to ra...@googlegroups.com
You did restart your J2EE server after the import, right?

mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/

whostheJBoss

Jan 3, 2010, 2:31:57 AM
to Railo
Yup.

MrBuzzy

Jan 3, 2010, 4:13:47 AM
to ra...@googlegroups.com
I think it's important that the keystore you specified, is the one used by the Railo JVM.

So your command would be;

keytool -import -keystore "c:\program files (x86)\Java\jre6\lib\security\cacerts" -alias instantssl -storepass changeit -noprompt -trustcacerts -file c:\mail.mydomain.com.cert


I would also check and confirm that is the JVM used by Railo.

It's kind of hidden, see: Railo Web Administrator > Overview > Info > Classpath (the jdk will be referenced there). 

whostheJBoss

Jan 3, 2010, 6:04:02 AM
to Railo
The Classpath section in Railo admin shows:

C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\railo\railo-server\context\classes
C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\railo\railo-server\context\lib\railo-extension-video.jar
C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\bin\bootstrap.jar
C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\railo\railo-server\context\lib\railo-extension-admin-sync.jar
C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\railo\railo-server\context\lib\railo-extension-s3-resource.jar
C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\railo\railo-server\context\lib\railo-extension-cluster-scope.jar

Under Java it shows:
1.6.0_13 (Sun Microsystems Inc.)

I ran:

<cfset javaSystem = createObject("java", "java.lang.System") />

<cfdump var="#javaSystem#">

And I get...

C:\Program Files (x86)\Java\jre6\

So, that's where my Java is, as I suspected.

I compiled and ran the InstallCert program and pressed 1 when shown my
cert. It adds the cert to my keystore, but the error persists...

GRAPE Stack

Jan 3, 2010, 10:01:09 AM
to Railo
Should Railo be giving me any fuss about trying to use TLS on port 25?

I keep getting:

"ERROR","web-0","01/03/2010","06:55","mail spooler","Exception reading
response;
nested exception is:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
connection?"

When I try to have useTLS="yes" and use port 25...

I'm in the midst of debugging Postfix, so I thought I'd ask...

Michael Offner-Streit

Jan 4, 2010, 10:35:54 AM
to ra...@googlegroups.com
try this

<cfdump var="#SSLCertificateList("mail.google.com")#">
<cfset SSLCertificateInstall("mail.google.com")>

replace "mail.google.com" with your mailserver

in a future release we will add this to the railo admin

/micha

--
Michael Offner-Streit
CTO
Railo Technologies GmbH
michael...@railo.ch
www.getrailo.com

Mailing List (english): http://groups.yahoo.com/group/railo_talk/
Mailing List (german): http://de.groups.yahoo.com/group/railo/
Linked in: http://www.linkedin.com/e/gis/71368/0CF7D323BBC1
Issue Tracker: http://jira.jboss.org/jira/browse/RAILO
Blog: http://www.railo-technologies.com/blog


whostheJBoss

Jan 4, 2010, 6:52:18 PM
to Railo
What port does the SSLCertificateList check with?

When I run openssl on my server using my mail.mydomain.com:25 or 587,
I see the correct certificate. However, when I run openssl on port
443, I see a different certificate. So, the mail SSL cert on 25 and 587
is different than the SSL cert on port 443.

So, with SSLCertificateList I see the wrong certificate.

Port 25 and 587 return the proper certificate, while port 443 returns
a different certificate.

So, is SSLCertificateList checking http port 443? How can I have it
check port 25 or 587?

whostheJBoss

Jan 4, 2010, 7:07:10 PM
to Railo
Ok, I replaced my SSL cert for 443 with the one from mail on 25, so
the browser shows the correct cert now for SSLCertificateList
("mail.mydomain.com") (although, being able to specify port on this
command would be great!)

After I saw the correct cert I ran SSLCertificateInstall
("mail.mydomain.com"), but I am still receiving the following error
when I try to send. Is there a way for me to see which certificate
Railo is sending along with cfmail?

I am getting this from the Postfix log:
Jan 4 12:16:29 mail postfix/smtpd[4719]: initializing the server-side TLS engine
Jan 4 12:16:29 mail postfix/tlsmgr[4721]: open smtpd TLS cache btree:/var/spool/postfix/smtpd_tls_cache
Jan 4 12:16:29 mail postfix/tlsmgr[4721]: tlsmgr_cache_run_event: start TLS smtpd session cache cleanup
Jan 4 12:16:29 mail postfix/smtpd[4719]: connect from localhost[127.0.0.1]
Jan 4 12:16:29 mail postfix/smtpd[4719]: setting up TLS connection from localhost[127.0.0.1]
Jan 4 12:16:29 mail postfix/smtpd[4719]: SSL_accept:before/accept initialization
Jan 4 12:16:29 mail postfix/smtpd[4719]: read from 7F23E9D145A0 [7F23E9D1DD80] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Jan 4 12:16:29 mail postfix/smtpd[4719]: SSL_accept:error in SSLv2/v3 read client hello A
Jan 4 12:16:29 mail postfix/smtpd[4719]: read from 7F23E9D145A0 [7F23E9D1DD80] (11 bytes => 11 (0xB))
Jan 4 12:16:29 mail postfix/smtpd[4719]: 0000 16 03 01 00 49 01 00 00|45 03 01                 ....I... E..
Jan 4 12:16:29 mail postfix/smtpd[4719]: read from 7F23E9D145A0 [7F23E9D1DD8B] (67 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Jan 4 12:16:29 mail postfix/smtpd[4719]: SSL_accept:error in SSLv3 read client hello B
Jan 4 12:16:29 mail postfix/smtpd[4719]: SSL_accept:error in SSLv3 read client hello B
Jan 4 12:16:29 mail postfix/smtpd[4719]: read from 7F23E9D145A0 [7F23E9D1DD8B] (67 bytes => 67 (0x43))
Jan 4 12:16:29 mail postfix/smtpd[4719]: 0000 4b 41 dc 1d ec 17 c6 d9|d9 9d 3b 6d a2 ca 51 74  KA...... ..;m..Qt
Jan 4 12:16:29 mail postfix/smtpd[4719]: 0010 9d 48 db 68 5c 4a 30 ba|ea 64 92 3f 6f 24 b5 b4  .H.h\J0. .d.?o$..
Jan 4 12:16:29 mail postfix/smtpd[4719]: 0020 00 00 1e 00 04 00 05 00|2f 00 33 00 32 00 0a 00  ........ /.3.2...
Jan 4 12:16:29 mail postfix/smtpd[4719]: 0030 16 00 13 00 09 00 15 00|12 00 03 00 08 00 14 00  ........ ........
Jan 4 12:16:29 mail postfix/smtpd[4719]: 0040 11 01                                             ..
Jan 4 12:16:29 mail postfix/smtpd[4719]: 0042 - <SPACES/NULLS>
Jan 4 12:16:29 mail postfix/smtpd[4719]: SSL_accept:SSLv3 read client hello B
Jan 4 12:16:29 mail postfix/smtpd[4719]: SSL_accept:SSLv3 write server hello A
Jan 4 12:16:29 mail postfix/smtpd[4719]: SSL_accept:SSLv3 write certificate A
Jan 4 12:16:29 mail postfix/smtpd[4719]: SSL_accept:SSLv3 write server done A
Followed by a dump of my certificate (partial below):
Jan 4 12:16:29 mail postfix/smtpd[4719]: write to 7F23E9D145A0 [7F23E9D2BF70] (942 bytes => 942 (0x3AE))
Jan 4 12:16:29 mail postfix/smtpd[4719]: 0000 16 03 01 00 4a 02 00 00|46 03 01 4b 41 dc 1d bc  ....J... F..KA...
Jan 4 12:16:29 mail postfix/smtpd[4719]: 0010 d9 c8 ac 4a 46 82 1c 8b|c1 1a 8c af a5 03 4b ca  ...JF... ......K.
Jan 4 12:16:29 mail postfix/smtpd[4719]: 0020 d2 95 e1 29 bd 6e 2c b0|23 53 54 20 87 b4 e2 ca  ...).n,. #ST ....
Jan 4 12:16:29 mail postfix/smtpd[4719]: 0030 86 5c c1 2b 52 3a 99 6d|cf 90 df 82 ec ff ae 49  .\.+R:.m .......I
Jan 4 12:16:29 mail postfix/smtpd[4719]: 0040 8d d1 f7 8a 4e 8e 0b d5|5f c6 7e ae 00 04 00 16  ....N... _.~.....
Jan 4 12:16:29 mail postfix/smtpd[4719]: 0050 03 01 03 51 0b 00 03 4d|00 03 4a 00 03 47 30 82  ...Q...M ..J..G0.
Jan 4 12:16:29 mail postfix/smtpd[4719]: 0060 03 43 30 82 02 ac a0 03|02 01 02 02 09 00 8a ab  .C0..... ........
Jan 4 12:16:29 mail postfix/smtpd[4719]: 0070 f4 88 c6 9c 3d 1b 30 0d|06 09 2a 86 48 86 f7 0d  ....=.0. ..*.H...
Jan 4 12:16:29 mail postfix/smtpd[4719]: 0080 01 01 05 05 00 30 75 31|0b 30 09 06 03 55 04 06  .....0u1 .0...U..
Jan 4 12:16:29 mail postfix/smtpd[4719]: 0090 13 02 55 53 31 13 30 11|06 03 55 04 08 13 0a 43  ..US1.0. ..U....C
Jan 4 12:16:29 mail postfix/smtpd[4719]: 00a0 61 6c 69 66 6f 72 6e 69|61 31 12 30 10 06 03 55  aliforni a1.0...U
And then:
Jan 4 12:16:29 mail postfix/smtpd[4719]: 03ab - <SPACES/NULLS>
Jan 4 12:16:29 mail postfix/smtpd[4719]: SSL_accept:SSLv3 flush data
Jan 4 12:16:29 mail postfix/smtpd[4719]: read from 7F23E9D145A0 [7F23E9D1DD80] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Jan 4 12:16:29 mail postfix/smtpd[4719]: SSL_accept:error in SSLv3 read client certificate A
Jan 4 12:16:30 mail postfix/smtpd[4719]: read from 7F23E9D145A0 [7F23E9D1DD80] (5 bytes => 5 (0x5))
Jan 4 12:16:30 mail postfix/smtpd[4719]: 0000 15 03 01 00 02                                    .....
Jan 4 12:16:30 mail postfix/smtpd[4719]: read from 7F23E9D145A0 [7F23E9D1DD85] (2 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Jan 4 12:16:30 mail postfix/smtpd[4719]: SSL_accept:error in SSLv3 read client certificate A
Jan 4 12:16:30 mail postfix/smtpd[4719]: read from 7F23E9D145A0 [7F23E9D1DD85] (2 bytes => 2 (0x2))
Jan 4 12:16:30 mail postfix/smtpd[4719]: 0000 02 2e                                             ..
Jan 4 12:16:30 mail postfix/smtpd[4719]: SSL3 alert read:fatal:certificate unknown
Jan 4 12:16:30 mail postfix/smtpd[4719]: SSL_accept:failed in SSLv3 read client certificate A
Jan 4 12:16:30 mail postfix/smtpd[4719]: SSL_accept error from localhost[127.0.0.1]: 0
Jan 4 12:16:30 mail postfix/smtpd[4719]: warning: TLS library problem: 4719:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1053:SSL alert number 46:
Jan 4 12:16:30 mail postfix/smtpd[4719]: lost connection after STARTTLS from localhost[127.0.0.1]
Jan 4 12:16:30 mail postfix/smtpd[4719]: disconnect from localhost[127.0.0.1]

denstar

Jan 4, 2010, 8:30:58 PM
to ra...@googlegroups.com
I don't know if it would be of any help, but there's a cfjavamail tag:

http://trac.getrailo.org/railotags/wiki/CfJavaMail

Does stuff similar to this stuff:

http://blogs.sun.com/apanicker/entry/java_code_for_smtp_server

Have you done some sanity checking? Like, do mail clients have no
problems with your set-up, etc.?

If yes, maybe doing the lower-level java stuff will shed some light on it.

Break a leg! =)

:den

--
Throw moderation to the winds, and the greatest pleasures bring the
greatest pains.
Democritus

whostheJBoss

Jan 4, 2010, 8:49:53 PM
to Railo
Hmm, I'll start looking.

Thunderbird accepts my certificate and I can send mail though...

denstar

Jan 4, 2010, 9:03:02 PM
to ra...@googlegroups.com
I bet it has to do with the cert being self-signed (could be wrong)...
maybe check this if you do play with the javamail stuff:

http://java.sun.com/products/javamail/SSLNOTES.txt

(The part about socket factories wrt self-signed certs (and above it
maybe- specifying the keystore- tho that seems pretty pointless))

You could also just try the custom tag and see if it works. There's
only been like two testers so far tho, so who knows. =)

--
The juvenile sea squirt wanders through the sea searching for a
suitable rock or hunk of coral to cling to and make its home for life.
For this task, it has a rudimentary nervous system. When it finds its
spot and takes root, it doesn't need its brain anymore so it eats it!
Daniel Dennett

whostheJBoss

Jan 4, 2010, 9:18:56 PM
to Railo
I will give it a shot.

I was under the impression that adding my cert to the keystore would
solve the problem, unsigned or not.

Thanks Den!

denstar

Jan 4, 2010, 10:47:47 PM
to ra...@googlegroups.com
NP!

It should have been that simple, but you never know. :)

Every bit of sanity checking helps when you're in one of those "WTF?"
type situations.

Could be that you *think* Thunderbird is sending fine, but it's really
using a different SMTP server-- you know, stuff that makes you feel
like you're going crazy.

"There's no way this code ever worked, yet I'd swear it had-- for years!"

True story. ;]

:den

--
The problem is that no ethical system has ever achieved consensus.
Ethical systems are completely unlike mathematics or science. This is
a source of concern.
Daniel Dennett

whostheJBoss

Jan 5, 2010, 1:34:23 AM
to Railo
Well, I installed Thunderbird specifically for this purpose, so I
don't think it's using another SMTP. It's an empty config with no
accounts. I emptied the cert store. I get prompted to add my cert
exception when I try to use my SMTP and I receive the mail...

denstar

Jan 5, 2010, 2:21:20 AM
to ra...@googlegroups.com
Right on. T'was mostly just an example of the kinds of things, ya know? :)

Is the mail server and the cf server on the same box? It doesn't
sound like it, but if so, maybe it's a host-related problem?

The cert stuff can be pretty cryptic. And a bit anal.

But it's bad-ass!

(Like Jordan. =))

--
Certain readers resented me when they could no longer recognize their
territory, their institution.
Jacques Derrida

whostheJBoss

Jan 5, 2010, 3:29:44 AM
to Railo
Haha, yes, the CF server is on the same box as Postfix. I've tried it
with a server on my local machine and get identical results.

It's got to be something with my app not sending the certificate. Do
you know of a way to check which certificates are being sent along
with the request?

I'll check out the javamail tag...

MrBuzzy

Jan 5, 2010, 4:56:27 AM
to ra...@googlegroups.com
Is this just a 'normal' self-signed certificate? 

Do you have either of the folders mentioned here (quote below)?

"If no javax.net.ssl.trustStore property exists, then a default truststore is searched for. If a truststore named <java-home>/lib/security/jssecacerts is found, it is used. If not, then a truststore named <java-home>/lib/security/cacerts is searched for and used (if it exists)."

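Two things in the posts above point the same way. In the Postfix log, "SSL3 alert read:fatal:certificate unknown" (alert 46) is an alert Postfix read from the client, i.e. the Railo JVM rejected the server certificate it had just received; "read client certificate A" is only the server's handshake state at that moment, no client certificate is requested or sent. And the trust-store lookup order just quoted means the import only helps if it landed in the jssecacerts or cacerts of the JRE that Tomcat actually runs on. The program below is an added example (not Railo or JSSE code) that, run with that exact JRE, reports which store JSSE will use, whether the certificate file is in it, and whether the default PKIX trust manager, the same one JavaMail's SSL socket consults, accepts it. The certificate file name mail.mydomain.com.cert comes from the thread; everything else is generic JSSE API, written for the Java 6 runtime mentioned above.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example: run with the JRE that hosts Tomcat/Railo (the java.home the admin
// page reported) to see which trust store JSSE uses, whether the mail server's
// certificate is in it, and whether the default PKIX trust manager accepts it.
// Usage: "C:\Program Files (x86)\Java\jre6\bin\java" TrustStoreCheck c:\mail.mydomain.com.cert
public class TrustStoreCheck {

    // JSSE lookup order: javax.net.ssl.trustStore, else <java.home>/lib/security/jssecacerts, else cacerts.
    static File defaultTrustStore() {
        String configured = System.getProperty("javax.net.ssl.trustStore");
        if (configured != null) return new File(configured);
        File security = new File(System.getProperty("java.home"), "lib" + File.separator + "security");
        File jssecacerts = new File(security, "jssecacerts");
        return jssecacerts.exists() ? jssecacerts : new File(security, "cacerts");
    }

    static KeyStore loadStore(File f) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(f);
        try {
            ks.load(in, null); // null password: read the entries without the integrity check
        } finally {
            in.close();
        }
        return ks;
    }

    // Accepts PEM ("-----BEGIN CERTIFICATE-----") or DER, the same two formats keytool -import takes.
    static X509Certificate readCert(File f) throws Exception {
        InputStream in = new FileInputStream(f);
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } finally {
            in.close();
        }
    }

    // Returns null if the default trust manager accepts the chain, otherwise the PKIX error text.
    static String validate(X509Certificate[] chain) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null: use the JSSE default store resolved as above
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                try {
                    ((X509TrustManager) tm).checkServerTrusted(chain, chain[0].getPublicKey().getAlgorithm());
                    return null;
                } catch (CertificateException e) {
                    return e.toString();
                }
            }
        }
        return "no X509TrustManager available";
    }

    public static void main(String[] args) throws Exception {
        File certFile = new File(args.length > 0 ? args[0] : "mail.mydomain.com.cert"); // file name from the thread
        File store = defaultTrustStore();
        System.out.println("java.home    = " + System.getProperty("java.home"));
        System.out.println("trust store  = " + store);

        KeyStore ks = loadStore(store);
        X509Certificate cert = readCert(certFile);
        System.out.println("certificate  = " + cert.getSubjectX500Principal());
        System.out.println("self-signed  = " + cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal()));
        String alias = ks.getCertificateAlias(cert);
        System.out.println("in store as  = " + (alias == null ? "(not present)" : alias));

        String error = validate(new X509Certificate[] { cert });
        System.out.println("PKIX result  = " + (error == null ? "trusted" : error));
    }
}
```

If "in store as" prints an alias but "PKIX result" prints the same "PKIX path building failed" text as the mail spooler, the certificate file you fed in is not the one the server presents on the mail port (compare against the capture from port 25 or 587, not from 443); if it prints "(not present)", the import went into a different file than the one this java.home resolves to. Either way, the check removes the guesswork about which of the copied-around cacerts files the running JVM reads.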
denstar

Jan 5, 2010, 5:27:28 AM
to ra...@googlegroups.com
On Tue, Jan 5, 2010 at 1:29 AM, whostheJBoss wrote:
> Haha, yes, the CF server is on the same box as Postfix. I've tried it
> with a server on my local machine and get identical results.

Awesome. Enough sanity there. Hrm.

> It's got to be something with my app not sending the certificate. Do
> you know of a way to check which certificates are being sent along
> with the request?

If you're using client certificates, man, I dunno. That's just too
kick-ass for me. Generally I only worry about trusting the server to
establish a connection, and then using a name/password to authenticate
over that "trusted" connection. Using client certs is like, one step
down from using client certs + One Time Passwords. :)

Are you specifying a keystore and whatnot in the cfmail tag? I've
honestly done more in java land with this kind of thing than in CF
(directly, at least), and it's been more on the SSL session side than
the mail session side, per se.

> I'll check out the javamail tag...

If you do, holler if you run into any bugs.


Think positive! It's probably something simple, since it's been this hard.

:den

--
I do not believe in pure idioms. I think there is naturally a desire,
for whoever speaks or writes, to sign in an idiomatic, irreplaceable
manner.
Jacques Derrida

whostheJBoss

Jan 5, 2010, 6:02:51 AM
to Railo
> If you're using client certificates, man, I dunno.  That's just too
> kick-ass for me.  Generally I only worry about trusting the server to
> establish a connection, and then using a name/password to authenticate
> over that "trusted" connection.  Using client certs is like, one step
> down from using client certs + One Time Passwords.  :)

I guess I'm just kick-ass like that. (If only I could get it to work!)

Anyway, what do you mean about trusting the server to establish a
connection? Are you sending user / pass in sha1 or anything? If you
are using plaintext auth, how are you protecting the username / pass
in transit without a client cert?

> Are you specifying a keystore and whatnot in the cfmail tag?  I've
> honestly done more in java land with this kind of thing than in CF
> (directly, at least), and it's been more on the SSL session side than
> the mail session side, per se.

I haven't been specifying a keystore, I figured that Micha's advice to
use the SSLCertificateInstall() function in Railo would put the cert
into the proper keystore, since Railo would probably write to the same
one it reads from, no?

> > I'll check out the javamail tag...
>
> If you do, holler if you run into any bugs.
>
> Think positive!  It's probably something simple, since it's been this hard.
>

I hope!

"All truths are easy to understand once they are discovered; the point
is to discover them." - Galileo Galilei

"Advances are made by answering questions. Discoveries are made by
questioning answers." - Bernhard Haisch

denstar

Jan 5, 2010, 7:30:13 PM
to ra...@googlegroups.com
On Tue, Jan 5, 2010 at 4:02 AM, whostheJBoss wrote:
...

> Anyway, what do you mean about trusting the server to establish a
> connection? Are you sending user / pass in sha1 or antyhing? If you
> are using plaintext auth, how are you protecting the username / pass
> in transit without a client cert?

The way this stuff works (I think) is that things are encrypted from
the get-go. The only question is, are you talking to who you think
you are?

Generally people go for a one-way deal (the server gives its cert
alone), because that's all that's needed to get secure-ish.

The connection is established, and once it's trusted, it's used (gross
simplification probably).

Client certs generally replace passwords on the client side (although
there's usually a passphrase for the client cert, so there's a
password too). They're like a password "plus".

It's like providing an ID -- something "physical", if you will -- to
know that at least the person with the ID has an ID. It might be
stolen, but you still have to have one to get in.

So the client cert is used for authentication more than encryption, if
that makes sense. I've probably mangled it horribly. :)

>> Are you specifying a keystore and whatnot in the cfmail tag?  I've
>> honestly done more in java land with this kind of thing than in CF
>> (directly, at least), and it's been more on the SSL session side than
>> the mail session side, per se.
>
> I haven't been specifying a keystore, I figured that Micha's advice to
> use the SSLCertificateInstall() function in Railo would put the cert
> into the proper keystore, since Railo would probably write to the same
> one it reads from, no?

Yeah, for server certs, but it seems (from a very quick perusal) that
you use keystores to pass client certs. Maybe just importing your
client cert as well will "fix" it? Dunno how scalable that is tho
(if it works)-- you might be better off creating the keystore on the
fly. *shrug*

Pure speculation.

>> Think positive!  It's probably something simple, since it's been this hard.
>>
>
> I hope!

Hope is awesome, my friend!

:den

--
I became the stage for the great argument between Nietzsche and
Rousseau. I was the extra ready to take on all the roles.
Jacques Derrida

MrBuzzy
Jan 5, 2010, 8:03:51 PM
to ra...@googlegroups.com
I asked about the certificate type for two reasons:

1. I was trying to set up Postfix and recreate your problem, but it'd be a waste of time to do with a different type of certificate. Not a quick job anyhow :)

2. This could be relevant: "Depending on the certificate configuration of the servers you contact, you may need to add additional root certificate(s). Obtain the needed specific root certificate(s) from the appropriate vendor." From: http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CustomizingStores
 

whostheJBoss
Jan 6, 2010, 4:16:09 AM
to Railo
Ok, so now I'm feeling even more confused.

I wasn't under the impression that what I was trying to do would need
to use a client certificate.

The Postfix documentation here states that you must enable client
certificates, which I haven't:
http://www.postfix.org/TLS_README.html#server_vrfy_client

I'll explain what I did and then what I'm trying to accomplish...

I prepared my server according to this:
https://articles.slicehost.com/2009/9/28/centos-email-preparing-the-slice

I installed Postfix like so:
https://articles.slicehost.com/2009/9/28/centos-postfix-installation

I performed basic configuration of Postfix:
https://articles.slicehost.com/2009/9/29/centos-postfix-basic-settings-in-main-cf
(At this point I can send mail through the server with the mail
command)

I then enabled Saslauthd:
https://articles.slicehost.com/2009/9/29/centos-postfix-secure-connection-configuring-saslauthd
(At this point I can use mail.mydomain.com as an smtp on port 25, but
a valid username and password is required)

So, as of this point I am able to send mail with <cfmail> on port 25
with username and password, but the authentication is being sent in
plain text, which I don't want.

I want to have useTLS="true" on my <cfmail> tag to create an encrypted
connection to the server.

So, I created a self-signed certificate:
http://articles.slicehost.com/2009/9/29/centos-postfix-secure-connection-creating-the-ssl-certificate

I then enabled TLS:
https://articles.slicehost.com/2009/9/29/centos-postfix-secure-connection-configuring-postfix

At this point I can still send mail on port 25, but when I put
useTLS="true" I start getting this error:

"ERROR","web-0","01/04/2010","16:11","mail spooler","Can't send
command to SMTP host;
nested exception is:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target"

I tried the keytool import program, I compiled and tried the
InstallCert Java program and I used Micha's suggestion:

<cfdump var="#SSLCertificateList("mail.mydomain.com")#">
<cfset SSLCertificateInstall("mail.mydomain.com")>

But all of these methods failed. I thought that the Railo
SSLCertificateInstall() function would add the certificate to the
correct keystore (the one it uses), but this did not work.

My Postfix log shows:

Jan 4 12:16:30 mail postfix/smtpd[4719]: SSL3 alert
read:fatal:certificate unknown
Jan 4 12:16:30 mail postfix/smtpd[4719]: SSL_accept:failed in SSLv3
read client certificate A
Jan 4 12:16:30 mail postfix/smtpd[4719]: SSL_accept error from
localhost[127.0.0.1]: 0
Jan 4 12:16:30 mail postfix/smtpd[4719]: warning: TLS library
problem: 4719:error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:
1053:SSL alert number 46:
Jan 4 12:16:30 mail postfix/smtpd[4719]: lost connection after
STARTTLS from localhost[127.0.0.1]
Jan 4 12:16:30 mail postfix/smtpd[4719]: disconnect from localhost
[127.0.0.1]

And my Railo log shows:
"ERROR","web-0","01/04/2010","12:16","mail spooler","Can't send
command to SMTP host;
nested exception is:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target"

So, my question is this...

When <cfmail> tries to connect to Postfix on port 25 using TLS and
Postfix responds with a certificate that is self-signed, does Railo
need to add this certificate to the keystore so that it can "approve"
it? Or does <cfmail> handle accepting and using it? Since there is a
prompt for self-signed certs, does Railo know how to answer it? Is
this what adding the cert to the keystore SHOULD do? I guess it
doesn't matter much, since adding the certificate with
SSLCertificateInstall() didn't work, but I'd like to know why.

Anyway, what I want is pretty simple:

I want to be able to use <cfmail> on port 25 without TLS and send mail
unencrypted, but I also want to be able to put useTLS="true" and be
able to send mail encrypted over a secure layer.

I don't need a client certificate or anything for authentication, I
just need to be able to specify my username and password in <cfmail>
and have it send over TLS instead of plain text using my self-signed
certificate.

So, what I want isn't really that difficult, and I'm halfway there,
but something is not working right.

I can post my main.cf and master.cf files if that helps, but I'm
guessing I'm just misunderstanding something?

Any help would be GREATLY appreciated!

p.s. And if you are feeling lucky, maybe you have a solution for this:

When I send email through <cfmail> on Railo the email comes through
with an attachment.

The email header when sent from Railo contains this:

MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_3_15079971.1262699924914"

When sent through ColdFusion is contains this:

MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit

When I send through CF there is no attachment on the email, but when I
send through Railo there is.

Is there something I have to specify in Railo to stop this?

I've tried:

<cfmailparam name="MIME-Version" value="1.0">
<cfmailparam name="Content-Type" value="#ContentValue#">
<cfmailparam name="Content-Transfer-Encoding" value="7bit">

But the result is identical, the content-type is still multipart/mixed
and there is still an attachment.

Again, any help is greatly appreciated!

Thanks!
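An added example, not code from this thread or from Railo: the step that keeps failing above is getting the self-signed certificate into the trust store of the JVM that Railo runs on, which is what the "PKIX path building failed" message is about (the path builder finds no trust anchor for the chain Postfix presents). The script below reads `openssl s_client -starttls smtp -showcerts` output (a constructed sample is embedded, with a placeholder PEM body), decides which certificate is the anchor (a self-signed leaf is its own anchor; otherwise the top of the chain), writes it to a PEM file and imports it with keytool. JVM_CACERTS, MAIL_HOST and the alias are assumptions; point them at the JRE Tomcat/Railo actually uses and restart it afterwards, since cacerts is read at startup.

```python
"""Put a self-signed SMTP server certificate into the JVM trust store.

Added example, not code from this thread or from Railo. Assumptions: openssl
and keytool are on PATH, and JVM_CACERTS points at the JRE that Tomcat/Railo
runs on (default trust-store password "changeit"). Restart the JVM afterwards;
cacerts is read at startup.
"""
import re
import subprocess
from pathlib import Path

JVM_CACERTS = Path(r"C:\Program Files (x86)\Java\jre6\lib\security\cacerts")  # assumed
MAIL_HOST = "mail.mydomain.com"  # assumed, as in the thread

# Constructed sample of `openssl s_client -starttls smtp -showcerts` output,
# cut down to the chain section. The PEM body is a placeholder, not a real cert.
SAMPLE_SHOWCERTS = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=Somewhere/O=Example/CN=mail.mydomain.com
   i:/C=US/ST=Somewhere/O=Example/CN=mail.mydomain.com
-----BEGIN CERTIFICATE-----
MIIB-constructed-placeholder-not-a-real-certificate
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=Somewhere/O=Example/CN=mail.mydomain.com
issuer=/C=US/ST=Somewhere/O=Example/CN=mail.mydomain.com
"""

# One chain entry as s_client prints it: " N s:<subject>", "   i:<issuer>", PEM.
CHAIN_ENTRY = re.compile(
    r"^[ \t]*(\d+) s:(?P<subject>[^\n]*)\n[ \t]*i:(?P<issuer>[^\n]*)\n"
    r"(?P<pem>-----BEGIN CERTIFICATE-----\n.*?\n-----END CERTIFICATE-----)",
    re.M | re.S,
)


def parse_chain(showcerts_output):
    """Return the chain as [{subject, issuer, pem, self_signed}], leaf first."""
    chain = []
    for m in CHAIN_ENTRY.finditer(showcerts_output):
        subject, issuer = m["subject"].strip(), m["issuer"].strip()
        chain.append({"subject": subject, "issuer": issuer,
                      "pem": m["pem"] + "\n", "self_signed": subject == issuer})
    return chain


def cert_to_trust(chain):
    """Choose the trust anchor: a self-signed leaf, else the top cert sent.

    PKIX path building needs an anchor, so importing a CA-issued leaf on its
    own does not help. If the server sends only such a leaf, get the issuing
    CA's certificate from the CA instead.
    """
    if not chain:
        raise ValueError("no certificates in chain")
    if chain[0]["self_signed"]:
        return chain[0]
    if len(chain) == 1:
        raise ValueError("server sent a CA-issued leaf only; import the CA certificate")
    return chain[-1]  # if this is an intermediate, its issuer is still needed


def fetch_chain(host, port=25):
    """STARTTLS on 25/587, implicit TLS on 465; s_client prints the chain to stdout."""
    cmd = ["openssl", "s_client", "-connect", f"{host}:{port}", "-showcerts"]
    if port != 465:
        cmd += ["-starttls", "smtp"]
    proc = subprocess.run(cmd, input=b"QUIT\n", capture_output=True, timeout=30)
    return parse_chain(proc.stdout.decode("utf-8", "replace"))


def keytool_import_argv(pem_path, alias, keystore, storepass="changeit"):
    """keytool argv: -trustcacerts also consults cacerts, -noprompt skips the yes/no."""
    return ["keytool", "-import", "-trustcacerts", "-noprompt",
            "-alias", alias, "-file", str(pem_path),
            "-keystore", str(keystore), "-storepass", storepass]


def import_into_truststore(cert, alias, keystore, storepass="changeit", workdir="."):
    """Write the PEM, import it, then list the alias back to confirm it is there."""
    pem_path = Path(workdir) / f"{alias}.pem"
    pem_path.write_text(cert["pem"])
    subprocess.run(keytool_import_argv(pem_path, alias, keystore, storepass), check=True)
    subprocess.run(["keytool", "-list", "-alias", alias,
                    "-keystore", str(keystore), "-storepass", storepass], check=True)


if __name__ == "__main__":
    anchor = cert_to_trust(fetch_chain(MAIL_HOST, 25))
    print("importing", anchor["subject"], "(self-signed)" if anchor["self_signed"] else "(CA)")
    import_into_truststore(anchor, MAIL_HOST, JVM_CACERTS)
```

The self-signed check is just subject == issuer on the s:/i: lines s_client prints, which is enough to tell "import this cert itself" from "import the CA above it". The `-file`/`-keystore`/`-alias` arguments are the ones the bare `keytool -import -trustcacerts -file ...` attempt earlier in the thread was missing; without `-keystore` keytool writes to a per-user store the JVM never consults.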

Michael Offner-Streit
Jan 6, 2010, 5:33:26 AM
to ra...@googlegroups.com
this is the interface definition (found in railo admin at Documentation/Function Reference)

sslcertificatelist(string host,[number port]):query
sslcertificateinstall(string host,[number port]):void

/micha



-- 
Michael Offner-Streit
CTO
Railo Technologies GmbH

whostheJBoss
Jan 6, 2010, 6:49:36 AM
to Railo
Ok, I'm getting a new error message!

When I try SSLCertificateInstall() and SSLCertificateList() on port
465, both show me the certificate and cause no errors.

When I try them on port 25 I get:

"Could not obtain server certificate chain"

Could not obtain server certificate chain
at railo.runtime.net.http.CertificateInstaller.<init>
(CertificateInstaller.java:72):72
at railo.runtime.net.http.CertificateInstaller.<init>
(CertificateInstaller.java:41):41
at railo.runtime.functions.other.SSLCertificateInstall.call
(SSLCertificateInstall.java:20):20
at playground.mail_cfm$cf.call(C:\Program Files (x86)\Apache Software
Foundation\Tomcat 6.0\sites\foo\ROOT\sandbox\mail.cfm:7):7
at railo.runtime.PageContextImpl.doInclude(PageContextImpl.java:625):
625
at railo.runtime.listener.ClassicAppListener._onRequest
(ClassicAppListener.java:35):35

When I try useTLS="true" and send on port 465 I get an error, when I
use useSSL="true" on port 465 it sends the email.

I thought that SSL on 465 had been deprecated in favor of TLS on 25,
which is what I want to use. I want to turn off 465, but right now it's
my only way of sending mail over any type of encryption.

When I check openssl on port 25 I see my server certificate.

Any thoughts on why port 25 is giving me trouble with TLS? Oh, and any
thoughts on the attachment / MIME issue when sending mail?

Thanks Micha!



whostheJBoss
Jan 6, 2010, 6:54:00 AM
to Railo
I wanted to install JavaMail as a Railo Extension per the instructions
here:

http://trac.getrailo.org/railotags/wiki/CfJavaMail

But it doesn't show up in the list of Applications.

What's the best way to install this tag?

denstar
Jan 6, 2010, 2:01:54 PM
to ra...@googlegroups.com
That one is just a single cfc, so you should be able to just drop the
cfc in {railo-context}/library/tag. The link is at the top there
"latest source code".

Or just put it in the same directory as a test file and call it that way.

I've got an extension site, but I don't think the latest version is up
there. We're still trying to figure out how to handle the
railoprojects one.

I'm in the middle of something right now, so I'll get back to you on the rest.

Feel free to send me some credentials and the hostname, if I can get
to it from out here, and I'll make sure the javamail tag at least
works with it.

:den

--
I do everything I think possible or acceptable to escape from this trap.
Jacques Derrida

denstar
Jan 6, 2010, 6:26:41 PM
to ra...@googlegroups.com
On Wed, Jan 6, 2010 at 2:16 AM, whostheJBoss wrote:
> Ok, so now I'm feeling even more confused.
>
> I wasn't under the impression that what I was trying to do would need
> to use a client certificate.

It doesn't, which is why I expressed surprise when you said you were
using a client cert. :)

...


> My Postfix log shows:
>
> Jan  4 12:16:30 mail postfix/smtpd[4719]: SSL3 alert
> read:fatal:certificate unknown
> Jan  4 12:16:30 mail postfix/smtpd[4719]: SSL_accept:failed in SSLv3
> read client certificate A
> Jan  4 12:16:30 mail postfix/smtpd[4719]: SSL_accept error from
> localhost[127.0.0.1]: 0
> Jan  4 12:16:30 mail postfix/smtpd[4719]: warning: TLS library
> problem: 4719:error:14094416:SSL
> routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:
> 1053:SSL alert number 46:
> Jan  4 12:16:30 mail postfix/smtpd[4719]: lost connection after
> STARTTLS from localhost[127.0.0.1]
> Jan  4 12:16:30 mail postfix/smtpd[4719]: disconnect from localhost
> [127.0.0.1]

Why should postfix be complaining about a certificate if you're not
using a client one? That's the only reason it would need a
certificate that I can think of.

Are you sure you don't have postfix configured to ask for a client
cert? You said yes, so maybe Railo is trying to present a certificate
when you specify useTLS! Maybe some sort of network sniffing tool
would help. :-/

> And my Railo log shows:
> "ERROR","web-0","01/04/2010","12:16","mail spooler","Can't send
> command to SMTP host;
>  nested exception is:
>        javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target"

Seems sorta odd. Wonder if this is a misleading error message. As it
works with SSL.

> Is this what adding the cert to the keystore SHOULD do?

Yup, that sounds right. Adds the cert to the trust, so no prompting
for acceptance.

> p.s. And if you are feeling lucky, maybe you have a solution for this:
>
> When I send email through <cfmail> on Railo the email comes through
> with an attachment.

Dunno off hand. You can see if cfjavamail adds the same header.

--
I have always had trouble recognizing myself in the features of the
intellectual playing his political role according to the screenplay
that you are familiar with and whose heritage deserves to be
questioned.
Jacques Derrida

denstar
Jan 6, 2010, 6:30:07 PM
to ra...@googlegroups.com
I should add that I committed a change to cfjavamail to theoretically
add TLS support (useTLS bool arg).

I don't have anything to test against at the moment, so who knows if
it works. :)

:DeN

--
I never give in to the temptation to be difficult just for the sake of
being difficult. That would be too ridiculous.
Jacques Derrida

Jordan Michaels
Jan 6, 2010, 6:51:06 PM
to ra...@googlegroups.com
Pretty sure you can connect to GMail over SSL. I know you can on the
commercial accounts anyway, and I imagine it's possible with a standard
gmail account too.

Just an idea of a place you might be able to test with...

--
Warm regards,
Jordan Michaels
Vivio Technologies
http://www.viviotech.net/
Open BlueDragon Steering Committee
Railo Community Distributions

Ryan Letulle
Jan 6, 2010, 6:51:48 PM
to ra...@googlegroups.com
I don't know of anyone that has gotten an ssl connection to gmail working with Railo.

--
Ryan LeTulle


Ryan Letulle
Jan 6, 2010, 6:52:49 PM
to ra...@googlegroups.com
If anyone has please speak up because there's a couple open posts out there.

--
Ryan LeTulle

Paul Kukiel
Jan 6, 2010, 6:54:54 PM
to ra...@googlegroups.com
I use smtp.gmail.com as my mail server in the Railo admin for my VPS; is that what you mean?

Paul.

Ryan Letulle
Jan 6, 2010, 6:56:29 PM
to ra...@googlegroups.com
No sorry, checking gmail with cfpop.

--
Ryan LeTulle

Todd Rafferty
Jan 6, 2010, 6:57:40 PM
to ra...@googlegroups.com
As do I, on port 587.


On Wed, Jan 6, 2010 at 6:54 PM, Paul Kukiel <kuk...@gmail.com> wrote:
I use smtp.gmail.com as my mail server in the Railo admin for my VPS; is that what you mean?

Paul.

--
~Todd Rafferty ** Volunteer Railo Open Source Community Manager ** http://getrailo.org/

Paul Kukiel
Jan 6, 2010, 7:09:39 PM
to ra...@googlegroups.com
Ahh ok.  In CF8 this trick worked but it doesn't in Railo.


Paul.

whostheJBoss
Jan 6, 2010, 7:24:03 PM
to Railo
This might sound like a dumb question, but what protocol do I use for
cfjavamail when trying to send?

SMTP doesn't work...

Jordan Michaels
Jan 6, 2010, 7:35:56 PM
to ra...@googlegroups.com
It's not a dumb question. Email is one of the oldest (and thus most
complicated) Internet applications there are. It's extremely confusing
and can get very complicated very quickly.

That said, SMTP is the protocol that clients use when SENDING email. IE:
the set of rules an email client will use to connect to an email
server when it wants to deliver mail to it (or through it):

Client ---Mail--->> [SMTP] Server

POP = downloading mail to a local client
IMAP = remote viewing of mail

Hope that helps.


--
Warm regards,
Jordan Michaels
Vivio Technologies
http://www.viviotech.net/
Open BlueDragon Steering Committee
Railo Community Distributions

whostheJBoss
Jan 6, 2010, 7:47:15 PM
to Railo
I think you might have missed the meat of the discussion :)

I'm quite familiar with SMTP / POP, but my question was specifically
for the <cfjavamail> tag that denstar suggested. I'm trying to get my
SMTP to accept TLS encryption, but I keep getting errors.

I tried using protocol="SMTP" but it threw an error, it seems my only
options for protocol are POP and IMAP variations.

Thanks though!

On Jan 6, 4:35 pm, Jordan Michaels <jor...@getrailo.org> wrote:
> It's not a dumb question. Email is one of the oldest (and thus most
> complicated) Internet applications there are. It's extremely confusing
> and can get very complicated very quickly.
>
> That said, SMTP is the protocol that clients use when SENDING email. IE:
>   the set of rules an email client will use to connect to an email
> server when it wants to deliver mail to it (or through it):
>
> Client ---Mail--->> [SMTP] Server
>
> POP = downloading mail to a local client
> IMAP = remote viewing of mail
>
> Hope that helps.
>
> --
> Warm regards,
> Jordan Michaels

> Vivio Technologies
> http://www.viviotech.net/

Jordan Michaels
Jan 6, 2010, 7:57:21 PM
to ra...@googlegroups.com
Heh. You're right. I did.

My apologies for my own confusion.

whostheJBoss
Jan 6, 2010, 7:56:58 PM
to Railo
> It doesn't, which is why I expressed surprise when you said you were
> using a client cert.  :)

Well, I used the wrong term. I meant I wanted my client to accept the
TLS cert from the server, not that I wanted a client cert to do the
auth. :)


>
> Are you sure you don't have postfix configured to ask for a client
> cert?  You said yes, so maybe Railo is trying to present a certificate
> when you specify useTLS!  Maybe some sort of network sniffing tool
> would help.  :-/

I have checked the Postfix config, I don't see any reference to any of
the client cert parameters that would enable it.

One obvious problem is this:

When I try SSLCertificateInstall() and SSLCertificateList() on port
465, both show me the certificate and cause no errors.

When I try them on port 25 I get: "Could not obtain server certificate
chain"

So, I am unable to install the server's cert on port 25, even though
telnet on port 25 when I run EHLO shows STARTTLS and openssl on port
25 shows the cert.

Could you show me the proper syntax to send with <cfjavamail> for
SMTP? Also, what methods would I call if I didn't want to install as a
custom tag, but instead as a normal CFC?

I've tried calling the send method directly, but it needs all of the
instance variables to do that, so init has to be run first.

denstar
Jan 6, 2010, 10:00:31 PM
to ra...@googlegroups.com
On Wed, Jan 6, 2010 at 5:56 PM, whostheJBoss wrote:
>> It doesn't, which is why I expressed surprise when you said you were
>> using a client cert.  :)
>
> Well, I used the wrong term. I meant I wanted my client to accept the
> TLS cert from the server, not that I wanted a client cert to do the
> auth. :)

Gotcha, makes total sense.

>>
>> Are you sure you don't have postfix configured to ask for a client
>> cert?  You said yes, so maybe Railo is trying to present a certificate
>> when you specify useTLS!  Maybe some sort of network sniffing tool
>> would help.  :-/
>
> I have checked the Postfix config, I don't see any reference to any of
> the client cert parameters that would enable it.

Yeah, and it wouldn't work through thunderbird either.

> One obvious problem is this:
>
> When I try SSLCertificateInstall() and SSLCertificateList() on port
> 465, both show me the certificate and cause no errors.
>
> When I try them on port 25 I get: "Could not obtain server certificate
> chain"

What if you try it on port 80? Just some port that's open but doesn't
have a cert? Same error? Randomness. :)

> Could you show me the proper syntax to send with <cfjavamail> for
> SMTP? Also, what methods would I call if I didn't want to install as a
> custom tag, but instead as a normal CFC?
>
> I've tried calling the send method directly, but it needs all of the
> instance variables to do that, so init has to be run first.

Turns out it didn't have the smtp protocol in there. I added it and
am testing with gmail.

You can see an example of using it as a component by going up a few
dirs in the rep to the tests one, and then down to the testcfjavamail
test.

It's a horrible test, and it explains why sending emails doesn't
work. :) I had only tested getting email from gmail with it (imaps
and pops), as you can see from the crappy unit test.

I'll commit the test and the changes needed to send emails through
gmail at least, in a bit.

:DeN

--
I wrote some bad poetry that I published in North African journals,
but even as I withdrew into this reading, I also led the life of a
kind of young hooligan.
Jacques Derrida

whostheJBoss
Jan 6, 2010, 10:18:49 PM
to Railo
>
> Gotcha, makes total sense.

:)


> Yeah, and it wouldn't work through thunderbird either.

No, it DID work with Thunderbird... I can use TLS on port 25 and
Thunderbird sends it. It won't let me send until I approve the
security exception for my self-signed cert, but after I do that
Thunderbird sends fine.

It prompts me with "You are about to override how Thunderbird
identifies this site.", I click "get certificate" and then "confirm
security exception" with "permanently store this exception" checked.
After that, mail sends (and comes through without an attachment!)

>
> What if you try it on port 80?  Just some port that's open but doesn't
> have a cert?  Same error?  Randomness. :)

Ok, I try: <cfdump var="#SSLCertificateList("mail.mydomain.com",465)
#"> (which uses the same cert) and get no error and see the cert dump.
I can send over SSL on port 465. I'm guessing it has no problem
getting the cert.

If I try: <cfdump var="#SSLCertificateList("mail.mydomain.com",25)#">

I get: "Could not obtain server certificate chain"

I also get the "Could not obtain server certificate chain" error on
port 80

Like I said, the EHLO on 25 shows STARTTLS

And openssl on port 25 shows the cert, but the SSLInstallCert() and
SSLCertificateList() functions flip out.

> Turns out it didn't have the smtp protocol in there.  I added it and
> am testing with gmail.
>

I'll check :)

denstar
Jan 6, 2010, 10:43:29 PM
to ra...@googlegroups.com
On Wed, Jan 6, 2010 at 8:18 PM, whostheJBoss wrote:
>>
>> Gotcha, makes total sense.
>
> :)
>
>
>> Yeah, and it wouldn't work through thunderbird either.
>
> No, it DID work with Thunderbird... I can use TLS on port 25 and
> Thunderbird sends it. It won't let me send until I approve the
> security exception for my self-signed cert, but after I do that
> Thunderbird sends fine.

Yeah, I meant "it wouldn't work through thunderbird either if it was
requesting a cert, and it does, so it's probably not that". Sorry for
the confusion.

>>
>> What if you try it on port 80?  Just some port that's open but doesn't
>> have a cert?  Same error?  Randomness. :)
>
> Ok, I try: <cfdump var="#SSLCertificateList("mail.mydomain.com",465)
> #"> (which uses the same cert) and get no error and see the cert dump.
> I can send over SSL on port 465. I'm guessing it has no problem
> getting the cert.
>
> If I try: <cfdump var="#SSLCertificateList("mail.mydomain.com",25)#">
> I get: "Could not obtain server certificate chain"
>
> I also get the "Could not obtain server certificate chain" error on
> port 80

Interesting.

> Like I said, the EHLO on 25 shows STARTTLS
>
> And openssl on port 25 shows the cert, but the SSLInstallCert() and
> SSLCertificateList() functions flip out.

You should only have to add the cert to the store once, I'd think.
Shouldn't matter what port you get it from.

I think that STARTTLS means that it /can/ do TLS, and there's
something extra you have to do to use it. OpenSSL probably knows what
to do.

Maybe it's as easy as setting a socketFactory setting...

>
>> Turns out it didn't have the smtp protocol in there.  I added it and
>> am testing with gmail.
>>
>
> I'll check :)

Cool, sending emails through gmail is still not working yet tho. :)

--
If this work seems so threatening, this is because it isn't simply
eccentric or strange, but competent, rigorously argued, and carrying
conviction.
Jacques Derrida

whostheJBoss
Jan 6, 2010, 10:55:21 PM
to Railo
> I think that STARTTLS means that it /can/ do TLS, and there's
> something extra you have to do to use it.  OpenSSL probably knows what
> to do.

So shouldn't <cfmail> in Railo issue STARTTLS when useTLS="true" ?


> Maybe it's as easy as setting a socketFactory setting...

Hmmm, do elaborate...

whostheJBoss
Jan 6, 2010, 10:59:29 PM
to Railo
I tried useTLS="true" on CF9 and I get:

"Can't send command to SMTP host " in the mail log.

When I don't use TLS, it sends through fine.

So, what in the world is going on?

Thunderbird can do it, but CF and Railo can't?

whostheJBoss
Jan 6, 2010, 11:10:31 PM
to Railo
Ok, update...

I ran InstallCert on the JVM for CF9 and it accepted it.

CF9 now sends over TLS on port 25 with no attachment coming into the
inbox.

This is exactly how it should function on Railo.

I've repeated the steps, but no luck...

whostheJBoss
Jan 6, 2010, 11:18:51 PM
to Railo
Can anyone confirm that they are successfully using TLS on <cfmail> on
Railo?

Michael Offner-Streit
Jan 7, 2010, 4:56:09 AM
to ra...@googlegroups.com
can you please open a ticket for this?

tnx micha


--
Michael Offner-Streit
CTO
Railo Technologies GmbH

michael...@railo.ch

whostheJBoss
Jan 7, 2010, 7:19:30 AM
to Railo
Done. Thanks Micha. I also submitted a ticket for the MIME-type bug
I'm seeing with the attachment. I had thought that my jvm might have
been to blame, but I tried it on two different ones and got the same
result.


denstar
Jan 7, 2010, 12:15:45 PM
to ra...@googlegroups.com
On Wed, Jan 6, 2010 at 8:55 PM, whostheJBoss wrote:
>> I think that STARTTLS means that it /can/ do TLS, and there's
>> something extra you have to do to use it.  OpenSSL probably knows what
>> to do.
>
> So shouldn't <cfmail> in Railo issue STARTTLS when useTLS="true" ?

Yes, I was thinking of the SSLCertificateInstall command and how it
didn't like what it got from port 25.

>> Maybe it's as easy as setting a socketFactory setting...
>
> Hmmm, do elaborate...

Something like this:

props.put("mail.smtp.socketFactory.class","javax.net.ssl.SSLSocketFactory");

But it's probably not that easy. :)

FWIW, sending is working with the cfjavamail tag-- at least through gmail.

--
No one gets angry at a mathematician or a physicist whom he or she
doesn't understand, or at someone who speaks a foreign language, but
rather at someone who tampers with your own language.
Jacques Derrida
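An added example (not Railo's or cfjavamail's code) for the two points above: what the "extra" STARTTLS step is, and why the SSLSocketFactory property is the wrong knob for port 25. Port 465 speaks TLS from the first byte, so a tool that opens a TLS handshake straight away (SSLCertificateList(), or JavaMail with `mail.smtp.socketFactory.class=javax.net.ssl.SSLSocketFactory`) gets the certificate there. Port 25 starts in cleartext: the server sends a "220" banner, the client must EHLO, see STARTTLS in the capability list, send STARTTLS, and only then wrap the socket in TLS, which is what `mail.smtp.starttls.enable=true` asks JavaMail to do. Opening TLS immediately on 25 fails with "could not obtain server certificate chain"; talking cleartext SMTP to 465 fails with "Unrecognized SSL message, plaintext connection?". The Postfix log line "SSL alert number 46" is the client side of the same story: certificate_unknown (46) is the TLS alert the JVM sends when it cannot validate the server certificate. The transcript below is constructed; the host names are assumptions.

```python
"""STARTTLS on port 25 versus implicit TLS on port 465, at the wire level.

Added example, not Railo's or cfjavamail's code. ScriptedConn and the Postfix
transcript are constructed; fetch_cert_via_starttls() talks to a real server
and assumes mail.mydomain.com:25 as in the thread.
"""
import socket
import ssl

# TLS alert record: content type 0x15, version 3.x, length 2, level fatal (2),
# description certificate_unknown (46). This is "SSL alert number 46" in the
# Postfix log: the client (the JVM) could not validate the server certificate.
CERT_UNKNOWN_ALERT = b"\x15\x03\x01\x00\x02\x02\x2e"


def classify_first_bytes(data):
    """Guess what the peer spoke first: cleartext SMTP or a TLS record."""
    if data[:4] in (b"220 ", b"220-"):
        return "smtp-cleartext"   # STARTTLS-style port (25/587): EHLO first
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"    # implicit TLS port (465): ClientHello/ServerHello
    if len(data) >= 3 and data[0] == 0x15 and data[1] == 0x03:
        return "tls-alert"
    return "unknown"


class SMTPError(Exception):
    pass


def read_reply(conn):
    """Collect a possibly multi-line reply ("250-..." lines); return (code, [texts])."""
    texts = []
    while True:
        line = conn.readline()
        if not line:
            raise SMTPError("connection closed")
        text = line.decode("ascii", "replace").rstrip("\r\n")
        texts.append(text[4:])
        if len(text) < 4 or text[3] != "-":
            return int(text[:3]), texts


def negotiate_starttls(conn, ehlo_name="client.example"):
    """The cleartext half of RFC 3207. Returns True once the server says 220 to
    STARTTLS, i.e. the TLS handshake may begin; raises if TLS is not on offer."""
    code, _ = read_reply(conn)
    if code != 220:
        raise SMTPError(f"unexpected greeting {code}")
    conn.write(f"EHLO {ehlo_name}\r\n".encode())
    code, caps = read_reply(conn)
    if code != 250:
        raise SMTPError(f"EHLO rejected with {code}")
    if not any(c.upper() == "STARTTLS" for c in caps[1:]):   # caps[0] is the hostname
        raise SMTPError("no STARTTLS offered; refusing to send credentials in clear")
    conn.write(b"STARTTLS\r\n")
    code, _ = read_reply(conn)
    if code != 220:
        raise SMTPError(f"STARTTLS refused with {code}")
    return True


class ScriptedConn:
    """Constructed stand-in for a socket: replays server lines, records client sends."""
    def __init__(self, server_lines):
        self.server_lines = list(server_lines)
        self.sent = []

    def readline(self):
        return self.server_lines.pop(0) if self.server_lines else b""

    def write(self, data):
        self.sent.append(data)


# Constructed Postfix transcript for port 25 with smtpd_tls_security_level=may.
POSTFIX_WITH_STARTTLS = [
    b"220 mail.mydomain.com ESMTP Postfix\r\n",
    b"250-mail.mydomain.com\r\n",
    b"250-PIPELINING\r\n",
    b"250-STARTTLS\r\n",
    b"250-AUTH PLAIN LOGIN\r\n",
    b"250 8BITMIME\r\n",
    b"220 2.0.0 Ready to start TLS\r\n",
]


class SocketConn:
    """Adapter so negotiate_starttls() can drive a real socket."""
    def __init__(self, sock):
        self.sock, self.reader = sock, sock.makefile("rb")

    def readline(self):
        return self.reader.readline()

    def write(self, data):
        self.sock.sendall(data)


def fetch_cert_via_starttls(host="mail.mydomain.com", port=25, timeout=10):
    """Return the server's DER certificate from a STARTTLS port. Verification is
    off on purpose: this only fetches the cert you will import afterwards."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        negotiate_starttls(SocketConn(raw))
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)
```

Run `fetch_cert_via_starttls()` against the Postfix box to get the same DER blob SSLCertificateList() returns on 465, then import it as in the earlier example. The refusal when STARTTLS is absent is deliberate: AUTH PLAIN/LOGIN over a cleartext session is exactly the "password in plain text" the thread is trying to get rid of.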

whostheJBoss
Jan 8, 2010, 7:53:25 AM
to Railo
I tried the new tag on port 25 with TLS:

Exception reading response;
nested exception is:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
connection?
at com.sun.mail.smtp.SMTPTransport.readServerResponse
(SMTPTransport.java:1407):1407
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1205):
1205
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:
322):322
at javax.mail.Service.connect(Service.java:236):236
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method):-2
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source):-1
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source):-1
at java.lang.reflect.Method.invoke(Unknown Source):-1

Oh, and another thing...

When I tried the tag, I had to put cc="", bcc="" and body="" in the
<cfjavamail> tag itself, I was getting errors that cc was required but
not passed in, etc.

When I try to send without TLS I get this:

No matching Method/Function for request.DEBUG(boolean) found
at railo.runtime.reflection.Reflector.throwCall(Reflector.java:566):
566
at railo.runtime.reflection.Reflector.callMethod(Reflector.java:550):
550
at railo.runtime.util.VariableUtilImpl.callFunctionWithoutNamedValues
(VariableUtilImpl.java:630):630
at railo.runtime.PageContextImpl.getFunction(PageContextImpl.java:
1271):1271
at javamail_cfc$cf.udfCall3(C:\Program Files (x86)\Apache Software
Foundation\Tomcat 6.0\sites\linkdrop\ROOT\WEB-INF\railo\library\tag
\javamail.cfc:692):692
at javamail_cfc$cf.udfCall(C:\Program Files (x86)\Apache Software
Foundation\Tomcat 6.0\sites\linkdrop\ROOT\WEB-INF\railo\library\tag
\javamail.cfc):-1
at railo.runtime.type.UDFImpl.implementation(UDFImpl.java:213):213
at railo.runtime.type.UDFImpl._call(UDFImpl.java:371):371

denstar
Jan 8, 2010, 7:32:33 PM
to ra...@googlegroups.com
Thanks to some info I found, I'm relatively confident that it's now
working as it should, TLS/SSL wise (added useSSL as an option too =)).

Tests work for gmail at least.

:DeN

--
To be in love Is to touch with a lighter hand. In yourself you
stretch, you are well.
Gwendolyn Brooks

whostheJBoss
Jan 8, 2010, 9:22:23 PM
to Railo
I'm back to:

"Unrecognized protocol: SMTP"

When I search the CFC for the word smtp, nothing comes up....

denstar
Jan 9, 2010, 2:40:58 AM
to ra...@googlegroups.com
It's def in there, maybe a case issue? I added lcase to the protocol
check, as it should have been in there anyways, but I'm 100% positive
smtp is in there. :)

The only important functions for sending are the getStore() and
send(). Protocol stuff is in getStore.

It's a way-old, much-modded cfc-- We're 100% open for anyone to
refactor or contribute or whatever. =]

--
We are all mediators, translators.
Jacques Derrida

whostheJBoss
Jan 9, 2010, 3:00:35 PM
to Railo
Hmm, I got my source from here:

http://svn.getrailo.org/svn/railotags/cfjavamail/trunk/src/tag/

Search the source for smtp, it doesn't show up anywhere... and I get
that error message... maybe you didn't commit the newest one? :)

denstar
Jan 9, 2010, 9:32:29 PM
to ra...@googlegroups.com
On Sat, Jan 9, 2010 at 1:00 PM, whostheJBoss wrote:
> Hmm, I got my source from here:
>
> http://svn.getrailo.org/svn/railotags/cfjavamail/trunk/src/tag/
>
> Search the source for smtp, it doesn't show up anywhere... and I get
> that error message... maybe you didn't commit the newest one? :)

That's the right place. Revision 304. I see the correct source. Weird.

Here's the contents:

http://cfml.pastebin.com/m637399bd

--
Whatever precautions you take so the photograph will look like this or
that, there comes a moment when the photograph surprises you. It is
the other's gaze that wins out and decides.
Jacques Derrida

whostheJBoss
Jan 10, 2010, 12:37:11 AM
to Railo
Weird, well, I replaced mine with the source from the paste bin and
restarted Railo, but new error:


Railo 3.1.2.006 Error (Expression)
Message: No matching Method/Function for String.ISCONNECTED() found
Stacktrace: The Error Occurred in
C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\sites\foo
\ROOT\WEB-INF\railo\library\tag\javamail.cfc: line 137
135: </cfif>
136: <cfif arguments.protocol neq "'">
137: <cfreturn variables._instance.connection.isConnected()>
138: <cfelse>
139: <cfreturn true>

called from C:\Program Files (x86)\Apache Software Foundation\Tomcat
6.0\sites\foo\ROOT\WEB-INF\railo\library\tag\javamail.cfc: line 146

called from C:\Program Files (x86)\Apache Software Foundation\Tomcat
6.0\sites\foo\ROOT\playground\mail.cfm: line 4


Java Stacktrace
No matching Method/Function for String.ISCONNECTED() found


at railo.runtime.reflection.Reflector.throwCall(Reflector.java:566):
566
at railo.runtime.reflection.Reflector.callMethod(Reflector.java:550):
550
at railo.runtime.util.VariableUtilImpl.callFunctionWithoutNamedValues
(VariableUtilImpl.java:630):630
at railo.runtime.PageContextImpl.getFunction(PageContextImpl.java:
1271):1271

at javamail_cfc$cf.udfCall1(C:\Program Files (x86)\Apache Software
Foundation\Tomcat 6.0\sites\foo\ROOT\WEB-INF\railo\library\tag
\javamail.cfc:137):137
at javamail_cfc$cf.udfCall(C:\Program Files (x86)\Apache Software
Foundation\Tomcat 6.0\sites\foo\ROOT\WEB-INF\railo\library\tag
\javamail.cfc):-1
at railo.runtime.type.UDFImpl.implementation(UDFImpl.java:213):213
at railo.runtime.type.UDFImpl._call(UDFImpl.java:371):371

at railo.runtime.type.UDFImpl.callWithNamedValues(UDFImpl.java:329):
329
at railo.runtime.util.VariableUtilImpl.callFunctionWithNamedValues
(VariableUtilImpl.java:660):660

denstar
Jan 10, 2010, 5:54:09 AM
to ra...@googlegroups.com
Hrm. Looks like I missed making protocol case insensitive someplace else.

Can you see the latest source for the component test? There should be
testSendTLS and testSendSSL examples.

Theoretically it's fixed. I'll commit it later, as I've been using
this to test the latest changes to CFE, and my test instance doesn't
have subclipse.

Thanks for checking it out. You are wind beneath my wings, so to speak. :)

--
Who ever said that one was born just once?
Jacques Derrida
