git send-email and SMTP with SSL

On Fedora 20, when using git send-email I always got this error:

Unable to initialize SMTP properly. Check config and use --smtp-debug. VALUES: server=my.server.com encryption=ssl hello=my.host.com port=465 at /usr/libexec/git-core/git-send-email line 1255.

Even using the suggested parameter –smtp-debug 1 did not help, I get the exactly same output with that parameter. In the end, it turned out the self-signed certificate is not accepted right away (which of course is good) but lead to no specific error message (which is not so good). However, using the parameter –smtp-ssl-cert-path “” disables certificate verification, which already allowed me to send the e-mail.

However, one want to install the certificate in a way that its always accepted. git send-email relies on OpenSSL certificate database. In order to add an additional CA certificate one has to add it to /etc/pki/tls/certs and create a symlink to its hash.

$ curl http://url.to/root.crt -o myroot.crt
$ openssl x509 -noout -in myroot.crt -fingerprint

If you are paranoid, and you should be nowadays, verify your fingerprint at this point 🙂

# mv myroot.crt /etc/pki/tls/certs
# cd /etc/pki/tls/certs
# openssl x509 -in myroot.crt -out myroot.pem -outform PEM
# ln -s myroot.pem `openssl x509 -hash -noout -in myroot.pem`.0

Update:
This works also for Arch Linux, however the OpenSSL certificates are located under /etc/ssl/certs/. Also for SMTP with SSL to work, the following packages are needed

pacman -S perl-net-smtp-ssl perl-authen-sasl

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>