英文:
X509 Certificate issue with Go smtp.SendMail
问题
当使用Go的smtp.SendMail发送电子邮件到support@groupsio.zendesk.com时,我收到以下错误信息:
x509: 证书有效的是mx.zendesk.com,www.mx.zendesk.com,而不是mail.pod-4.int.zendesk.com。
在调用SendMail之前,我对groupsio.zendesk.com进行了MX查找,返回的是mail.pod-4.int.zendesk.com。因此,我传递给SendMail的地址是mail.pod-4.int.zendesk.com:25。
这个过去是可以工作的,但现在出了问题,我无法找出是什么出了错。如果我从Gmail发送消息到support@groupsio.zendesk.com,一切正常。
英文:
When using Go's smtp.SendMail to send an email to support@groupsio.zendesk.com, I get the following error:
x509: certificate is valid for mx.zendesk.com, www.mx.zendesk.com, not mail.pod-4.int.zendesk.com
Before calling SendMail, I do an MX lookup on groupsio.zendesk.com, which returns mail.pod-4.int.zendesk.com. So, the address I pass into SendMail is mail.pod-4.int.zendesk.com:25.
This used to work, but something broke and I can't figure out what's wrong. If I send a message to support@groupsio.zendesk.com from Gmail, it works fine.
答案1
得分: 3
使用http://www.checktls.com/,很明显Zendesk的TLS证书是错误的,因为它没有指定mail.pod-4主机。但是,你仍然可以使用该证书加密消息;只是你可能容易受到中间人攻击。
Go TLS库有一个配置标志,InsecureSkipVerify,当设置为true时,将继续使用该证书/主机组合。在smtp.SendMail级别无法指定该标志。如果你希望继续发送电子邮件,你需要克隆smtp库,并在smtp.SendMail的第283行将InsecureSkipVerify标志设置为true。
我不确定Gmail是否在功能上这样做,或者我是否遗漏了某个细节。
英文:
Using http://www.checktls.com/, it's clear that the Zendesk TLS cert is incorrect in that it doesn't specify that mail.pod-4 host. But, you can still use the cert to encrypt the message; you just may be susceptible to man-in-the-middle attacks.
The Go TLS library has a config flag, InsecureSkipVerify, that when set to true, will go ahead with this certificate/host combo. There's no way to specify that flag at the smtp.SendMail level. If you wish to go ahead and send the email anyways, you need to clone the smtp library, and within smtp.SendMail, on line 283, set the InsecureSkipVerify flag to true.
It's unclear to me if Gmail is functionally doing this, or if I'm missing a detail somewhere.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论