Discussion:
Mageia 8 - Lack of certificate
(too old to reply)
Gilberto F da Silva
2023-01-02 13:37:13 UTC
Permalink
When trying to send an email I received the following error message:

msmtp: cannot set X509 trust file /etc/ssl/certs/ca-certificates.crt for
TLS session: Error while reading file.
msmtp: could not send mail (account GMX-OS2 from /home/mageia8/.msmtprc)

This already happened in some previous installation. It was tried by me
to install all things related to existing certificates in the enabled
repositories but it didn't work.

The solution I found was to copy the certificates from another
distribution. It worked but personally I didn't like the solution. I
believe there is a better solution.
--
Abraços

Gilberto F da Silva
Doug Laidlaw
2023-01-06 17:30:18 UTC
Permalink
Post by Gilberto F da Silva
msmtp: cannot set X509 trust file /etc/ssl/certs/ca-certificates.crt for
TLS session: Error while reading file.
msmtp: could not send mail (account GMX-OS2 from /home/mageia8/.msmtprc)
This already happened in some previous installation. It was tried by me
to install all things related to existing certificates in the enabled
repositories but it didn't work.
The solution I found was to copy the certificates from another
distribution. It worked but personally I didn't like the solution. I
believe there is a better solution.
I am getting very vague, but something like this happened to me
recently. I did find a Web page with a kind of HOWTO, but I never got it
working, and now, I can't find the page I saw before. There are plenty
of alternative pages: search for "ssl certificates." Certificates are
updated regularly through the repo updates, so in a perfect world, this
shouldn't happen. Years ago, BOINC couldn't find the system
certificates, so I copied them into the BOINC folfder. The file
ca-certificates.crt is in claws-mail-tools and lib(64)gnustep. Maybe
your email client has been updated? Alternatively, if the file is
indeed there, check your permissions. Try adding your user to group mail.

HTH,

Doug.
Gilberto F da Silva
2023-01-06 18:33:28 UTC
Permalink
Post by Doug Laidlaw
I am getting very vague, but something like this happened to me
recently. I did find a Web page with a kind of HOWTO, but I never
got it working, and now, I can't find the page I saw before.
This happens to me often. I find pages with solutions to my searches
and then I don't find them anymore.

- --

Abraços

Gilberto F da Silva
Gilberto F da Silva
2023-01-06 18:44:03 UTC
Permalink
Post by Gilberto F da Silva
When trying to send an email I received the following error
msmtp: cannot set X509 trust file
/etc/ssl/certs/ca-certificates.crt for TLS session: Error while
reading file. msmtp: could not send mail (account GMX-OS2 from
/home/mageia8/.msmtprc)
This already happened in some previous installation. It was tried
by me to install all things related to existing certificates in
the enabled repositories but it didn't work.
The solution I found was to copy the certificates from another
distribution. It worked but personally I didn't like the
solution. I believe there is a better solution.
There are plenty of alternative pages: search for "ssl
certificates." Certificates are updated regularly through the repo
updates, so in a perfect world, this shouldn't happen.
My intention is just to report a problem that occurred in the hope
that some distribution maintainer will fix it. I got the Slackware 15
certificate and it worked.

- --

Abraços

Gilberto F da Silva
Gilberto F da Silva
2023-01-06 18:58:33 UTC
Permalink
Post by Doug Laidlaw
Post by Gilberto F da Silva
When trying to send an email I received the following error
msmtp: cannot set X509 trust file
/etc/ssl/certs/ca-certificates.crt for TLS session: Error while
reading file. msmtp: could not send mail (account GMX-OS2 from
/home/mageia8/.msmtprc)
This already happened in some previous installation. It was tried
by me to install all things related to existing certificates in
the enabled repositories but it didn't work.
The solution I found was to copy the certificates from another
distribution. It worked but personally I didn't like the
solution. I believe there is a better solution.
Years ago, BOINC couldn't find the system
Post by Doug Laidlaw
certificates, so I copied them into the BOINC folfder. The file
ca-certificates.crt is in claws-mail-tools and lib(64)gnustep.
I used BOINC with ***@home until the project died but I don't
remember having problems with certificates. I was upset when I could
no longer use my computer's idle processing for something useful. Now
I leave the computer mining monero. The reward is meager however,
maybe it will help in the fight against governments.

In truck driver rages in Canada, Trudeau blocked protesters' accounts.
They appealed to Bitcoin. The government's response was to blacklist
addresses used by protesters. With Monero this is not possible.


- --

Abraços

Gilberto F da Silva
Gilberto F da Silva
2023-01-06 19:06:06 UTC
Permalink
Post by Gilberto F da Silva
When trying to send an email I received the following error
msmtp: cannot set X509 trust file
/etc/ssl/certs/ca-certificates.crt for TLS session: Error while
reading file. msmtp: could not send mail (account GMX-OS2 from
/home/mageia8/.msmtprc)
This already happened in some previous installation. It was tried
by me to install all things related to existing certificates in
the enabled repositories but it didn't work.
The solution I found was to copy the certificates from another
distribution. It worked but personally I didn't like the
solution. I believe there is a better solution.
The file ca-certificates.crt is in claws-mail-tools and
lib(64)gnustep. Maybe your email client has been updated?
Alternatively, if the file is indeed there, check your permissions.
Try adding your user to group mail.
After copying the certificate from another distribution to
/etc/ssl/certs/ the program worked normally.

I keep everything up to date. I always update when I get system
notifications to do so.

- --

Abraços

Gilberto F da Silva
David W. Hodgins
2023-01-06 21:16:47 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by Gilberto F da Silva
When trying to send an email I received the following error
msmtp: cannot set X509 trust file
/etc/ssl/certs/ca-certificates.crt for TLS session: Error while
reading file. msmtp: could not send mail (account GMX-OS2 from
/home/mageia8/.msmtprc)
The path is specified manually in the config file. For Mageia it looks like it
should be
/etc/ssl/certs/ca-bundle.trust.crt

The commented out defaults in the config file are based to the upstream
(as in msmtp authors) settings.

Mageia packagers generally try to ensure the non-commented options work. They
don't alter the commented settings, which in this case must be modified to
get x509 working.

It's up to the person installing the package to select the choices they
want, which may or may not be the Mageia supplied default crt files.

Regards, Dave Hodgins
Gilberto F da Silva
2023-01-07 15:38:35 UTC
Permalink
On Fri, 06 Jan 2023 14:06:06 -0500, Gilberto F da Silva
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Post by Gilberto F da Silva
When trying to send an email I received the following error
msmtp: cannot set X509 trust file
/etc/ssl/certs/ca-certificates.crt for TLS session: Error
while reading file. msmtp: could not send mail (account
GMX-OS2 from /home/mageia8/.msmtprc)
The path is specified manually in the config file. For Mageia it
looks like it should be /etc/ssl/certs/ca-bundle.trust.crt
The commented out defaults in the config file are based to the
upstream (as in msmtp authors) settings.
Mageia packagers generally try to ensure the non-commented options
work. They don't alter the commented settings, which in this case
must be modified to get x509 working.
It's up to the person installing the package to select the choices
they want, which may or may not be the Mageia supplied default crt
files.
I read this text in the original. I didn't understand. I put it in
the translator and still I couldn't understand it.

As a Mageia user, what do I have to do for this to work? Copying the
file from another distribution worked for me but I don't think it's
mandatory for Mageia users to have other distributions installed.

- --

Abraços

Gilberto F da Silva
David W. Hodgins
2023-01-07 21:21:28 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 06 Jan 2023 14:06:06 -0500, Gilberto F da Silva
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Post by Gilberto F da Silva
msmtp: cannot set X509 trust file
/etc/ssl/certs/ca-certificates.crt for TLS session: Error
while reading file. msmtp: could not send mail (account
GMX-OS2 from /home/mageia8/.msmtprc)
The path is specified manually in the config file. For Mageia it
looks like it should be /etc/ssl/certs/ca-bundle.trust.crt
The commented out defaults in the config file are based to the
upstream (as in msmtp authors) settings.
Mageia packagers generally try to ensure the non-commented options
work. They don't alter the commented settings, which in this case
must be modified to get x509 working.
It's up to the person installing the package to select the choices
they want, which may or may not be the Mageia supplied default crt
files.
I read this text in the original. I didn't understand. I put it in
the translator and still I couldn't understand it.
As a Mageia user, what do I have to do for this to work? Copying the
file from another distribution worked for me but I don't think it's
mandatory for Mageia users to have other distributions installed.
I understand the frustration. Dealing with certificates is complex due to the
wide variety of use cases and large number of options, most of which are
poorly documented.

I've checked bugzilla and my message archive for mentions of msmtp. None prior
to this thread.

I've also checked https://svnweb.mageia.org/packages/cauldron/msmtp/releases/
The package was created in Mageia 1, which means it was imported from Mandriva 8.
Since then, other then automatic rebuilds for each new release, the package
has never been changed, or had a bug report. Either no one has been using the
package or it was "just working" for them.

I've never used msmtp myself. It looks like the default setup is configured to
work without actually using tls, and likely works ok for that as the protocol
has not changed.

Copying the certificate from another system is not a good idea. Better to learn
how to create one properly, or switch to a package that creates one automatically.

Other mail transfer agents such as postfix have been changed to automatically
create the certificates during package installation with a post-install scriptlet.

You can file a bug report requesting an enhancement for the default configuration
be altered to work with smtps instead of just smtp, switch to a different package,
or learn how certificates are created and managed (not easy).

My preference is to use postfix, which "just works" with tls, though most sites
will reject mail from my system as my router's forward/reverse dns does not match.

Regards, Dave Hodgins
Gilberto F da Silva
2023-01-08 03:19:32 UTC
Permalink
On Sat, 07 Jan 2023 10:38:35 -0500, Gilberto F da Silva
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 06 Jan 2023 14:06:06 -0500, Gilberto F da Silva
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Post by Gilberto F da Silva
When trying to send an email I received the following
msmtp: cannot set X509 trust file
Error while reading file. msmtp: could not send mail
(account GMX-OS2 from /home/mageia8/.msmtprc)
The path is specified manually in the config file. For Mageia
it looks like it should be /etc/ssl/certs/ca-bundle.trust.crt
The commented out defaults in the config file are based to the
upstream (as in msmtp authors) settings.
Mageia packagers generally try to ensure the non-commented
options work. They don't alter the commented settings, which in
this case must be modified to get x509 working.
It's up to the person installing the package to select the
choices they want, which may or may not be the Mageia supplied
default crt files.
I read this text in the original. I didn't understand. I put it
in the translator and still I couldn't understand it.
As a Mageia user, what do I have to do for this to work? Copying
the file from another distribution worked for me but I don't
think it's mandatory for Mageia users to have other distributions
installed.
I understand the frustration. Dealing with certificates is complex
due to the wide variety of use cases and large number of options,
most of which are poorly documented.
I apologize if at any point I came across as rude. English is not my
native language. I try to write simply and correctly in the hope that
the translation will be understandable.

I'm not really frustrated, I just want to report a difficulty in the
hope that it will be of some use to the distribution.


- --

Abraços

Gilberto F da Silva
Gilberto F da Silva
2023-01-08 03:26:02 UTC
Permalink
On Sat, 07 Jan 2023 10:38:35 -0500, Gilberto F da Silva
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 06 Jan 2023 14:06:06 -0500, Gilberto F da Silva
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Post by Gilberto F da Silva
When trying to send an email I received the following
msmtp: cannot set X509 trust file
Error while reading file. msmtp: could not send mail
(account GMX-OS2 from /home/mageia8/.msmtprc)
The path is specified manually in the config file. For Mageia
it looks like it should be /etc/ssl/certs/ca-bundle.trust.crt
The commented out defaults in the config file are based to the
upstream (as in msmtp authors) settings.
Mageia packagers generally try to ensure the non-commented
options work. They don't alter the commented settings, which in
this case must be modified to get x509 working.
It's up to the person installing the package to select the
choices they want, which may or may not be the Mageia supplied
default crt files.
I read this text in the original. I didn't understand. I put it
in the translator and still I couldn't understand it.
As a Mageia user, what do I have to do for this to work? Copying
the file from another distribution worked for me but I don't
think it's mandatory for Mageia users to have other distributions
installed.
I understand the frustration. Dealing with certificates is complex
due to the wide variety of use cases and large number of options,
most of which are poorly documented.
I've checked bugzilla and my message archive for mentions of msmtp.
None prior to this thread.
I've also checked
https://svnweb.mageia.org/packages/cauldron/msmtp/releases/ The
package was created in Mageia 1, which means it was imported from
Mandriva 8. Since then, other then automatic rebuilds for each new
release, the package has never been changed, or had a bug report.
Either no one has been using the package or it was "just working"
for them.
I've never used msmtp myself. It looks like the default setup is
configured to work without actually using tls, and likely works ok
for that as the protocol has not changed.
Maybe only I use msmtp among Mageia users. So nobody noticed the
problem before.

- --

Abraços

Gilberto F da Silva

Loading...