From: John Keeping <john@keeping.me.uk>
To: Jeff King <peff@peff.net>
Cc: git@vger.kernel.org
Subject: Re: [RFC/PATCH] send-email: die if CA path doesn't exist
Date: Tue, 24 Nov 2015 23:10:41 +0000 [thread overview]
Message-ID: <20151124231041.GC18913@serenity.lan> (raw)
In-Reply-To: <20151124222821.GA10058@sigill.intra.peff.net>
On Tue, Nov 24, 2015 at 05:28:21PM -0500, Jeff King wrote:
> On Tue, Nov 24, 2015 at 10:17:08PM +0000, John Keeping wrote:
>
> > I wonder if we should do this to help debug SSL issues:
> >
> > -- >8 --
> > diff --git a/git-send-email.perl b/git-send-email.perl
> > index e057051..6d4e0ee 100755
> > --- a/git-send-email.perl
> > +++ b/git-send-email.perl
> > @@ -1317,6 +1317,10 @@ Message-Id: $message_id
> > require Net::SMTP::SSL;
> > $smtp_domain ||= maildomain();
> > require IO::Socket::SSL;
> > + if ($debug_net_smtp) {
> > + no warnings 'once';
> > + $IO::Socket::SSL::DEBUG = 1;
> > + }
> > # Net::SMTP::SSL->new() does not forward any SSL options
> > IO::Socket::SSL::set_client_defaults(
> > ssl_verify_params());
> > -- 8< --
>
> That certainly looks like a reasonable thing to be doing, assuming that
> the output from IO::Socket::SSL is generally helpful.
It's a bit verbose for errors, but it does let you know what went wrong:
DEBUG: .../IO/Socket/SSL.pm:1796: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
DEBUG: .../IO/Socket/SSL.pm:673: fatal SSL error: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
DEBUG: .../IO/Socket/SSL.pm:1780: IO::Socket::IP configuration failed
It doesn't print anything when the SSL connection is established
successfully, but I don't think that's a problem and if we jump to
level 2 it starts logging things like:
DEBUG: .../IO/Socket/SSL.pm:687: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:707: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:677: ssl handshake in progress
without adding anything useful.
> > > > Maybe we shouldn't worry too much about that, but should instead put the
> > > > invalid path into the error message:
> > > >
> > > > die "CA path \"$smtp_ssl_cert_path\" does not exist.";
> > >
> > > Given what I wrote above, yeah, I'd agree that is sufficient (and I do
> > > think mentioning the path is helpful).
> >
> > I'll change it to this in a re-roll.
>
> Thanks.
next prev parent reply other threads:[~2015-11-24 23:10 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-17 22:12 [RFC/PATCH] send-email: die if CA path doesn't exist John Keeping
2015-11-20 11:18 ` Jeff King
2015-11-20 19:46 ` John Keeping
2015-11-24 19:58 ` Jeff King
2015-11-24 22:17 ` John Keeping
2015-11-24 22:28 ` Jeff King
2015-11-24 23:10 ` John Keeping [this message]
2015-11-24 23:31 ` [PATCH v2] " John Keeping
2015-11-24 23:35 ` Jeff King
2015-11-25 10:19 ` John Keeping
2015-11-25 10:23 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151124231041.GC18913@serenity.lan \
--to=john@keeping.me.uk \
--cc=git@vger.kernel.org \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.