Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
530 views
in Technique[技术] by (71.8m points)

smtp - Java mail without ssl - PKIX path building failed:

I am using java mail to send emails over smtp. The smtp settings given below:

        Properties props = new Properties();
        Object put = props.put("mail.smtp.host", smtpHost);
        props.put("mail.smtp.user", smtpUser);
        props.put("mail.smtp.auth", true);
        props.put("mail.debug", mailDebug);
        props.put("mail.smtp.port", port);

The smtp credentials have been verified by telnetting to my smtpHost with the above details. However, I get the following exception when I use the above settings in java mail.

        250-AUTH PLAIN LOGIN
        250-STARTTLS
        250 HELP
        DEBUG SMTP: Found extension "SIZE", arg "52428800"
        DEBUG SMTP: Found extension "8BITMIME", arg ""
        DEBUG SMTP: Found extension "PIPELINING", arg ""
        DEBUG SMTP: Found extension "AUTH", arg "PLAIN LOGIN"
        DEBUG SMTP: Found extension "STARTTLS", arg ""
        DEBUG SMTP: Found extension "HELP", arg ""
        DEBUG SMTP: Attempt to authenticate
        DEBUG SMTP: check mechanisms: LOGIN PLAIN DIGEST-MD5 NTLM
        DEBUG SMTP: AUTH LOGIN command trace suppressed
        DEBUG SMTP: AUTH LOGIN failed
        Nov 29, 2012 11:54:40 AM com.Test main
        SEVERE: null
        javax.mail.AuthenticationFailedException: 535 Incorrect authentication data

When I add the line :

        props.put("mail.smtp.starttls.enable", false);

It again generates the same authentication failed exception.

If I set mail.smtp.starttls.enable to true, the authentication succeeds, but I get the following exception:

     220 TLS go ahead
     Nov 28, 2012 5:32:36 PM com.Test main
     SEVERE: null
     javax.mail.MessagingException: Could not convert socket to TLS;
     nested exception is:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1918)
    at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:652)
    at javax.mail.Service.connect(Service.java:317)

After going through various forum threads regarding the second exception, I ran the InstallCert program to fetch the server's self-signed certificate. The InstallCert throws the following exception:

            Opening connection to mydomain.com.au:443...
            Starting SSL handshake...
            javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
                    at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:542)
                    at sun.security.ssl.InputRecord.read(InputRecord.java:374)
                    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:850)
                    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1190)
                    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1217)
                    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1201)
                    at InstallCert.main(InstallCert.java:100)
            Could not obtain server certificate chain

So, looks like my server does not have ssl, but starttls is enabled. What are the correct parameters for sending mail with STARTTLS on, to a server with no ssl?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

This JavaMail FAQ entry should help.

Try using MailSSLSocketFactory like this:

  MailSSLSocketFactory sf = new MailSSLSocketFactory();
  sf.setTrustAllHosts(true);
  props.put("mail.smtp.ssl.socketFactory", sf);

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...