[Techtalk] "openssl s_client" to gmail smtps fails after rcpt to w/
RENEGOTIATING
Kelly Jones
kelly.terry.jones at gmail.com
Tue Nov 28 04:10:51 UTC 2006
I'm trying to use Gmail's secure, authenticating SMTP server to send
mail, and am testing on the command line first:
openssl s_client -verify 0 -connect smtp.gmail.com:465
(using "OpenSSL 0.9.6b [engine] 9 Jul 2001", but later versions,
including "OpenSSL 0.9.7i 14 Oct 2005" on my Mac OS X system, fail as
well).
It accepts my authentication, but says "RENEGOTIATING" after I do a
"RCPT TO:" (maybe my s_client is saying "RENEGOTIATING", I'm not
sure). All "DATA" command fail thereafter as well.
What am I doing wrong and how to fix it? It seems to be complaining
about my client certificate, but how does it get so far without that?
Sample session below: (password has been elided)
> openssl s_client -connect smtp.gmail.com:465
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Premium Server
CA/Email=premium-server at thawte.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDYzCCAsygAwIBAgIQGammhRRmnz+EbNWqDxllyTANBgkqhkiG9w0BAQUFADCB
zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ
Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE
CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh
d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl
cnZlckB0aGF3dGUuY29tMB4XDTA2MDgyMTE2NTMxMVoXDTA3MDgyMTE2NTMxMVow
aDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1v
dW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxFzAVBgNVBAMTDnNtdHAu
Z21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmuVOWrgH5V3Vd
UBrrQn+0QP932c86910fXX033nC/EbILl4nmYXduHB0526M7LUkrrnKa9g1A6Q+J
NKlLtcS2djKJyavbdCDtPSGBE7soAaZR1YLYLBOnJiBu5hGEG2AvzE+iq/NO0N2h
5olyOlLjYg6I4pAgF5+tVLt+f/ZLgwIDAQABo4GmMIGjMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLnRo
YXd0ZS5jb20vVGhhd3RlUHJlbWl1bVNlcnZlckNBLmNybDAyBggrBgEFBQcBAQQm
MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0ZS5jb20wDAYDVR0TAQH/
BAIwADANBgkqhkiG9w0BAQUFAAOBgQAgYp1sXa779Wu+eQbcw05zdUeGWxbcLNnb
FrO7OrxC524FABK9KX+vOeD1/h3DFrcuZoX5tbGqv4j0kz7VZOwvBho5RJrXpb6K
1lh0KN7EpY7MGHi0P75CO+SWJLq+vvdd8omKLfIBVsOkNJKIwnKzWJZId59Q5MsI
sLoYUUeeuw==
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Premium Server
CA/Email=premium-server at thawte.com
---
No client certificate CA names sent
---
SSL handshake has read 1025 bytes and written 314 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : DES-CBC3-SHA
Session-ID: 47A3D16DBB7646E42F2BEE11B5B39F9E64C46EF797CD26F8F7B57AB49B6364D\
F
Session-ID-ctx:
Master-Key: 10E1A3E9169E683F0348FD995DA601D34A882F184C4D7BD0A172DA40593933C\
FD40DF8C096F0D826EA886D6894612DD8
Key-Arg : None
Start Time: 1164686209
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
220 mx.google.com ESMTP g3sm28828705wra
HELO whatever.com
250 mx.google.com at your service
AUTH PLAIN
334
AGtlbGx5LnRlcnJ5LmpvbmVzAG5vdF9teV9wYXNz
235 2.7.0 Accepted
MAIL FROM: <kelly.terry.jones at gmail.com>
250 2.1.0 OK
RCPT TO: <techtalk at linuxchix.org>
RENEGOTIATING
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
verify error:num=21:unable to verify the first certificate
verify return:1
DATA
503 5.5.1 RCPT first g3sm28828705wra
QUIT
DONE
--
We're just a Bunch Of Regular Guys, a collective group that's trying
to understand and assimilate technology. We feel that resistance to
new ideas and technology is unwise and ultimately futile.
More information about the Techtalk
mailing list