-
Notifications
You must be signed in to change notification settings - Fork 184
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update embedded default certificate #284
Comments
We need greenmail-mail-test/greenmail#284 to be resolved first, because native-tls uses an up-to-date openssl version, which rejects Greenmail's cert
@jonhoo , how can I reproduce the issue with rust-imap? Can you point me how I could run your test against greenmail? I tried to check the TLS connection:
OpenSSL 1.0.2s produces similiar result. |
|
Oh, that's interesting. Looking more closely, it seems like the certificate validation does not fail if I connect to 127.0.0.1, but does fail if I connect from a different Docker container to the Greenmail one using a hostname. Specifically, see this failing test. This is using https://docs.rs/native-tls/0.2.3/native_tls/ (which just binds to OpenSSL) to connect to port Hope that helps! |
The certificate seems to have been updated between 1.6.1 and 1.6.5, does that certificate update resolve this issue? |
Yes, the certifiacte gets newly generated for each release. You could use your own provided certificate by packing it as 'greenmail.p12' in the JAR (see https://github.com/greenmail-mail-test/greenmail/blob/master/greenmail-core/src/main/java/com/icegreen/greenmail/util/DummySSLSocketFactory.java for details). I opened #421 to allow custom certificates. Alternative is to run GreenMail w/o TLS, and eg use a sidecar container exposing (brings a bit of more complexity). |
The default certificate is rejected by modern OpenSSL clients with an error of "dh key too small". It should be updated to be at least 1024 bits long. Without updating, the Greenmail Docker image will become effectively useless as testing infrastructure gets updated.
The text was updated successfully, but these errors were encountered: