git send-email and SMTP with SSL

On Fedora 20, when using git send-email I always got this error:

Unable to initialize SMTP properly. Check config and use --smtp-debug. VALUES: encryption=ssl port=465 at /usr/libexec/git-core/git-send-email line 1255.

Even using the suggested parameter –smtp-debug 1 did not help, I get the exactly same output with that parameter. In the end, it turned out the self-signed certificate is not accepted right away (which of course is good) but lead to no specific error message (which is not so good). However, using the parameter –smtp-ssl-cert-path “” disables certificate verification, which already allowed me to send the e-mail.

However, one want to install the certificate in a way that its always accepted. git send-email relies on OpenSSL certificate database. In order to add an additional CA certificate one has to add it to /etc/pki/tls/certs and create a symlink to its hash.

$ curl -o myroot.crt
$ openssl x509 -noout -in myroot.crt -fingerprint

If you are paranoid, and you should be nowadays, verify your fingerprint at this point 🙂

# mv myroot.crt /etc/pki/tls/certs
# cd /etc/pki/tls/certs
# openssl x509 -in myroot.crt -out myroot.pem -outform PEM
# ln -s myroot.pem `openssl x509 -hash -noout -in myroot.pem`.0

This works also for Arch Linux, however the OpenSSL certificates are located under /etc/ssl/certs/. Also for SMTP with SSL to work, the following packages are needed

pacman -S perl-net-smtp-ssl perl-authen-sasl

Leave a Comment