shevett / congo

CONGO Event Management System
GNU Affero General Public License v3.0
3 stars 1 forks source link

Accept self-signed TLS connections to SMTP servers #363

Open shevett opened 9 years ago

shevett commented 9 years ago

CONGO right now throws an error if it connects to an SMTP server that requires TLS but has a self signed cert

2015-08-03 15:44:24,031 DEBUG [SendMail] 'target' for email is shayde@yahoo.com 2015-08-03 15:44:24,041 DEBUG [SMTP] Connecting to smtp.arisia.org on port 587 via methodology NONE ... 2015-08-03 15:44:40,079 DEBUG [SMTP] 220 prospero.ilk.org ESMTP Sendmail 8.14.7/8.14.7; Mon, 3 Aug 2015 15:44:31 -0400

2015-08-03 15:44:40,081 DEBUG [SMTP] Attempting to do a STARTTLS... 2015-08-03 15:44:40,877 DEBUG [SMTP] Forcing disconnect due to IOException 2015-08-03 15:44:40,877 ERROR [SMTP] Could not connect to server 'smtp.arisia.org' : sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Fix.

shevett commented 9 years ago

Just a note that it's confirmed if you turn off encryption on the target host, and set PLAIN as the login methodology, the cleint connects and delivers mail fine. This obviously exposes the password being used to MITM sniffing, but the auth'ed account should be using a throwaway password anyway, right?