Saturday, June 25, 2016

certificate problems trying to send email with libcurl


This is my libcurl code. I am trying to send email to my own email domain in Linux.

This is my sample libcurl code.

    curl_easy_setopt(curl, CURLOPT_USERNAME, "username@mydomain.com");
    curl_easy_setopt(curl, CURLOPT_PASSWORD, "mypassword");
    curl_easy_setopt(curl, CURLOPT_URL, "smtp://mail.mydomain.com:25");
    curl_easy_setopt(curl, CURLOPT_USE_SSL, (long)CURLUSESSL_ALL);
    curl_easy_setopt(curl, CURLOPT_MAIL_FROM, FROM);
    recipients = curl_slist_append(recipients, TO);
    curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, recipients);
    curl_easy_setopt(curl, CURLOPT_INFILESIZE, file_size);
    curl_easy_setopt(curl, CURLOPT_READFUNCTION, fileBuf_source);
    curl_easy_setopt(curl, CURLOPT_READDATA, &file_upload_ctx);
    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); // Don't display curl connection data: change 1L to 0

    res = curl_easy_perform(curl);

When I run this code, I am getting the below error.

    * Rebuilt URL to: smtp://mail.mydomain.com:25/
    * Hostname was NOT found in DNS cache
    *   Trying <My mail domain Ip address>...
    * Connected to mail.mydomain.com (<My mail domain Ip address>) port 25 (#0)
    < 220 mail.mydomain.com ESMTP
    > EHLO client6
    < 250-mail.mydomain.com
    < 250-PIPELINING
    < 250-SIZE 20480000
    < 250-VRFY
    < 250-ETRN
    < 250-STARTTLS
    < 250-AUTH PLAIN LOGIN
    < 250-ENHANCEDSTATUSCODES
    < 250-8BITMIME
    < 250 DSN
    > STARTTLS
    < 220 2.0.0 Ready to start TLS
    * successfully set certificate verify locations:
    *   CAfile: none
      CApath: /etc/ssl/certs
    * SSL certificate problem: self signed certificate
    * Closing connection 0
    curl_easy_perform() failed: Peer certificate cannot be authenticated with given CA certificates

1 Answer

Your issue is that your server is providing a self-signed certificate so curl is not able to verify its provenance. You have several options:

  • The best option is to get a server certificate that is signed by a well-known certificate authority. Some CAs will issue a certificate you can use for free; search for "free ssl certificate". You will need to be able to provide some proof that you control the domain.

  • You can install your self-signed certificate to the list of trusted CAs on the computer(s) that run your libcurl code. The procedure to do this depends on your OS (even different distributions of Linux may do this differently). This link is a decent starting point for Linux.

  • Your program can tell libcurl to verify with the self-signed certificate. See Adding self-signed SSL certificate for libcurl.

  • You can create your own certificate authority and use either of the previous two approaches. The advantage of this over self-signing is it decouples the signing and the signed certificates. If you want to change the server certificate (e.g. if it expires or the host name changes) you don't necessarily need to reconfigure all the clients.

  • For completeness, you could disable verification by setting CURLOPT_SSL_VERIFYPEER to 0. This is highly discouraged, however, as it makes the access insecure. You should only do this for testing purposes, or in the rare case that the network between client and server is guaranteed to be secure.
