1.0.0 TLS Verification Problem

Question

1.0.0 TLS Verification Problem

osterman opened this issue 6 years ago · 3 comments

what

Using 0.0.1 I was able to send mail without --insecure-skip-verify
Using 1.0.0 I need to add --insecure-skip-verify

email erik@cloudposse.com \
   --port 587 \
   --host smtp.mailgun.org \
   --subject test \
   --body dude \
   --from ops@cloudposse.com \
   --username postmaster@cloudposse.com

what happens

Client hangs indefinitely (downgrading immediately works)

other info

Using smtp.mailgun.org with alpine linux 3.8 and ca-certificates installed

Answer 1 · 2018-10-25T10:32:03.000Z

Hm, there shouldn't be a problem - no code has changed, and there shouldn't be a way to have it lock up like that.

I'll try bumping the Golang version since the TLS library has improved with versions and cut 1.0.1..

Answer 2 · 2018-10-25T11:22:27.000Z

Okay fixed - somehow the behaviour of the TLS changed at some point, and the tlsConf needed the ServerName parameter set to work at all.

I've released https://github.com/wrouesnel/emailcli/releases/tag/v1.0.3 which includes this fix + adds an explicit --tls-host option to allow specifying a certificate name to verify against. Testing with my gmail account this is now working.

Answer 3 · 2018-11-20T01:08:32.000Z

Thanks @wrouesnel ! Sorry I missed your update.