Home/Support/Support Forum/Sending e-mail by smtp.gmail with TLS problem
Welcome to Digi Forum, where you can ask questions and receive answers from other members of the community.

Sending e-mail by smtp.gmail with TLS problem

0 votes
Hi group.
I want to send e-mails from a RCM-4010 ussing DC 10.64 using gmail smtp server


I've set the IP address

#define TCPCONFIG 1 // 5 for DHCP
#define _PRIMARY_STATIC_IP "192.168.1.55"
#define _PRIMARY_NETMASK "255.255.255.0"
#define MY_GATEWAY "192.168.1.1"
#define MY_NAMESERVER "192.168.1.1"

#define FROM "inecoiec@gmail.com"
#define SMTP_TO "omar@inecoiec.com.ar"

// subject and body

#define SUBJECT "Prueba correo TLS"
#define BODY "Cuerpo del mensaje"

/*
* This is the username and password for the account on the
* SMTP server.
*/

#define SMTP_USER "inecoiecr@gmail.com"
#define SMTP_PASS "mypassword" // I've put the true password here

// not made change here

#ifndef SMTP_SERVER
#define SMTP_SERVER "smtp.gmail.com"
//#define SMTP_SERVER "smtp.live.com"
#endif
#ifndef SMTP_PORT
// Port 587 used by secure SMTP service (both Gmail and Hotmail)
#define SMTP_PORT 587
#endif


// and I have uncommented these lines

#define SMTP_VERBOSE
#define SSL_SOCK_VERBOSE
#define _SSL_PRINTF_DEBUG 1
#define SSL_CERT_VERBOSE
// #define X509_VERBOSE
#define TCP_VERBOSE

// (if I uncomment X509_VERBOSE I get this message)

line 1949 : ERROR X509.LIB : __qe_snprintf is out of scope/ not declared.
line 1949 : WARNING X509.LIB : Converting unsigned int to incompatible pointer type void( *)()
line 1949 : WARNING X509.LIB : Wrong type for parameter 1.

//

The program runs but shows this stdio output


SSL_new_cert: cert=FFFFDFEC addr=0000675A type=2 append=0
crypto_public_key_import() returns 000D8B78
SSL_new_cert: OK
SSL_new_cert: cert=FFFFDFEC addr=00006C02 type=2 append=1
SSL_new_cert: OK
SSL_new_cert: cert=FFFFDFEC addr=000070B6 type=2 append=1
SSL_new_cert: OK
sock_init_or_exit: hit any key to terminate
TCP: -7782ms since last call to tcp_tick!
Network default interface up at IP=192.168.1.55 mask=255.255.255.0
Setting authentication parameters...
Sending mail to omar@inecoiec.com.ar via smtp.gmail.com
to:17b4
from:1798
subject:1745
message:1692
SMTP: Resolving smtp.gmail.com
SMTP: Opening to 40E9BA6C:24b
SMTP: Connected
SMTP: Read: 220 smtp.gmail.com ESMTP a19sm14475516qgf.45 - gsmtp
SMTP: Wrote EHLO controller.mydomain.com
SMTP: Read: 250-smtp.gmail.com at your service, [181.46.153.174]
SMTP: Read: 250-SIZE 35882577
SMTP: Read: 250-8BITMIME
SMTP: Read: 250-STARTTLS
SMTP: Read: 250-ENHANCEDSTATUSCODES
SMTP: Read: 250-PIPELINING
SMTP: Read: 250-CHUNKING
SMTP: Read: 250 SMTPUTF8
SMTP: Wrote STARTTLS
SMTP: Read: 220 2.0.0 Ready to start TLS
sock_secure: as client
SSL allocated at 000FE6A8
sock_secure: setting trusted FFFFDFEC
sock_secure: OK, returning secure=BD20
SSL_new_cert: cert=FFFFDECC addr=FFFFDEC2 type=5 append=0
crypto_public_key_import() returns 000E0F40
SSL_new_cert: OK
SSL_new_cert: cert=FFFFDECC addr=FFFFDEC2 type=5 append=1
SSL_new_cert: OK
SSL_new_cert: cert=FFFFDECC addr=FFFFDEC2 type=5 append=1
SSL_new_cert: OK
RSA_PKCS1v1_5_Decrypt (signature check): 2048 bit key
RSA_PKCS1v1_5_Decrypt: done, len=51

*** Certificate verification failed (rc=-1) ***
SSL_free_cert: cert=FFFFDECC format=1
crypto_private_key_free(000E0F40)
*** tls_error: code 951
**** Bad certificate format

^^^Sending fatal alert: 42^^^
_sock_tls_handler: calling sock_close()
_sock_tls_handler: got 'error'
TCP: 1473ms since last call to tcp_tick!
SMTP: Socket unexpectedly closed!
tls_shutdown: how=app abort
SSL_free_cert: cert=000FEB92 format=0
SSL_free_cert: cert=000FEBA2 format=0
SSL freed 000FE6A8
Error sending message

I have download again the EquifaxSecureCA.crt and ThawtePremiumServerCA.crt certificates, but the problem is not resolved

Is there someone that can help to me with this issue ?

Thank you in advance and sorry for my english

Omar
asked Dec 14, 2015 in Rabbit by omarp New to the Community (0 points)

Please log in or register to answer this question.

1 Answer

0 votes
For anyone else interested, the problem was that the Rabbit couldn't process the SHA256 signature in Gmail X.509 (SSL/TLS) certificate.

This issue was corrected as part of work I'm doing to support TLS 1.2 on the Rabbit. You can view the patch here:

https://github.com/digidotcom/DCRabbit_10/commit/0e071a7d7b0a59d4a0a86de2564c77a4928e35cc

But it depends on other changes to Dynamic C only available in the "feature-tls1.2" branch on GitHub.
answered Jan 20, 2016 by TomCollins Veteran of the Digi Community (1,327 points)
Thanks a lot for your work over this issue Tom !
The first tests that I've made has worked very well.

Omar.
...