Re: [PATCH] send-email: squelch warning from Net::SMTP::SSL

[Colin Guthrie]

'Twas brillig, and Junio C Hamano at 29/07/13 17:01 did gyre and gimble:
 Colin Guthrie gm...@colin.guthr.ie writes:
 
 For what it's worth, after upgrading here, I got this error at the
 server side:

 Jul 26 10:15:41 foo.example.com postfix/smtpd[7736]: warning: TLS
 library problem: 7736:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
 alert unknown ca:s3_pkt.c:1256:SSL alert number 48:


 This is because my postfix doesn't have a ca bundle configured but all
 other mail clients have been fine before.

 With the original patch here I could continue.

 I'd really love to see an option to set this to none in the .gitconfig,
 
 Isn't that what the final patch committed under Ram's name
 implements?
 
 sendemail.smtpsslcertpath::
Path to ca-certificates (either a directory or a single file).
Set it to an empty string to disable certificate verification.
 
 or have we missed your use case?

Yeah that patch works fine if I set the certpath =  in the config, and
I even added that path to our packages.

I read the mailing list after following the google trail and replied to
that specific message without realising a more recent patch was
available and then didn't post a followup saying the final patch worked
- my bad!

Sorry about that, and thanks to everyone for the final patch :)

Col


-- 

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/
--
To unsubscribe from this list: send the line unsubscribe git in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] send-email: squelch warning from Net::SMTP::SSL

[Colin Guthrie]

'Twas brillig, and Matthieu Moy at 05/07/13 12:31 did gyre and gimble:
 Ramkumar Ramachandra artag...@gmail.com writes:
 
 John Keeping wrote:
 I don't think this is really fix, it's more plastering over the
 problem.

 It defaulted to SSL_VERIFY_NONE before Net::SMTP::SSL was updated, and
 the behavior hasn't changed now.  The new version simply asks us to be
 explicit about SSL_VERIFY_NONE, so we are aware about it.
 
 We as the Git developers, yes. But your change makes sure users are
 _not_ aware about it. There's a long history of software ignoring SSL
 certificates by default, I don't think we should cast in stone that we
 don't want SSL certificate verification.

For what it's worth, after upgrading here, I got this error at the
server side:

Jul 26 10:15:41 foo.example.com postfix/smtpd[7736]: warning: TLS
library problem: 7736:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca:s3_pkt.c:1256:SSL alert number 48:


This is because my postfix doesn't have a ca bundle configured but all
other mail clients have been fine before.

With the original patch here I could continue.

I'd really love to see an option to set this to none in the .gitconfig,
but agree with the principle that it should be one by default and the
setting should over ride that.

All the best

Col

PS I'm mainly posting this such that people searching the intertubes for
the postfix error above and git-send-email will match at least this
message and find the fix/workaround :)

-- 

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/

--
To unsubscribe from this list: send the line unsubscribe git in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html