AWS.SMTP.Client secure mode

AWS.SMTP.Client secure mode

[philip...@gmail.com]

The recent thread about sending email with AWS.SMTP.Client reminded me I need to finish working on a package I wrote a while ago that uses AWS.SMTP.Client.  I have just been passing Server_Name => "localhost", Port => 25, and Secure => False to AWS.SMTP.Client.Initialize, to use a local mail relay, and that has worked fine.

I'm now trying to get secure communication to my email account mailserver working (SSL on port 465).  Something deep in the bowels of AWS wants cert.pem to exist in the directory I run my program from, but it doesn't seem to be the cert.pem I retrieved from the mail server with openssl.

My program dies with:

raised AWS.SMTP.SERVER_ERROR : raised AWS.NET.SOCKET_ERROR : The requested data were not available.

immediately after reading the cert.pem file I fetched with openssl.

Has anyone ever got secure  and authenticated AWS.SMTP.Client working?  And if so, how did you do it?

Re: AWS.SMTP.Client secure mode

[Björn Lundin]

Den 2021-09-05 kl. 05:20, skrev philip...@gmail.com:

> 
> Has anyone ever got secure  and authenticated AWS.SMTP.Client working?  And if so, how did you do it?
> 

Yes.
I use Amazon as mailer - like this. Shortened version so it might not 
compile. I think you need the Ada.Directories.Set_Directory statement 
just as I need it.

in the directory I set , I have the cert.pem I'd like to use


   procedure Mail_Saldo is
      Subject : constant String             := "Some Subject";
      use AWS;
      SMTP_Server_Name : constant String := 
"email-smtp.eu-north-1.amazonaws.com";
      Status : SMTP.Status;
   begin
     Ada.Directories.Set_Directory(/where/is/my/cet/sslcert");
     declare
         Auth : aliased constant SMTP.Authentication.Plain.Credential :=
                                   SMTP.Authentication.Plain.Initialize 
("AKFCAWS_IS_A_MAILSERVERT",        "BOYbIsome-chars-from-amazomFDWW");


       SMTP_Server : SMTP.Receiver := SMTP.Client.Initialize
                                   (SMTP_Server_Name,
                                    Port       => 465,
                                    Secure     => True,
                                    Credential => Auth'Unchecked_Access);
       use Ada.Characters.Latin_1;
       Msg : constant String := "Some MEssage";

       Receivers : constant SMTP.Recipients :=  (
                   SMTP.E_Mail("A Mail Address", 
"a.mail.address@gmail.com"),
               --    SMTP.E_Mail("Another Mail Addresss", 
"another.mail.address@gmail.co"));
     begin
       SMTP.Client.Send(Server  => SMTP_Server,
                        From    => SMTP.E_Mail ("A sender", 
"Sender@gmail.com"),
                        To      => Receivers,
                        Subject => Subject,
                        Message => Msg,
                        Status  => Status);
     end;
     if not SMTP.Is_Ok (Status) then
       Log (Me & "Mail_Saldo", "Can't send message: " & 
SMTP.Status_Message (Status));
     end if;
   end Mail_Saldo;

---------------------------------




cert.pem looks like

sslcert $ cat cert.pem
-----BEGIN RSA PRIVATE KEY-----
....
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...........
-----END CERTIFICATE-----


-- 
Björn

Re: AWS.SMTP.Client secure mode

[philip...@gmail.com]

On Monday, September 6, 2021 at 2:26:30 AM UTC-7, björn lundin wrote:
> Den 2021-09-05 kl. 05:20, skrev philip...@gmail.com: 
> 
> > 
> > Has anyone ever got secure and authenticated AWS.SMTP.Client working? And if so, how did you do it? 
> >
> Yes. 
> I use Amazon as mailer - like this. Shortened version so it might not 
> compile. I think you need the Ada.Directories.Set_Directory statement 
> just as I need it. 
> 
> in the directory I set , I have the cert.pem I'd like to use 

Is cert.pem a client certificate that will be passed to the server, or is it a server certificate the client uses to validate the server?

As far as I know, none of the mail servers I am dealing with have any mechanism to register client certificates.

Re: AWS.SMTP.Client secure mode

[Björn Lundin]

Den 2021-09-07 kl. 04:20, skrev philip...@gmail.com:
> On Monday, September 6, 2021 at 2:26:30 AM UTC-7, björn lundin wrote:
>> Den 2021-09-05 kl. 05:20, skrev philip...@gmail.com:
>>
>>>
>>> Has anyone ever got secure and authenticated AWS.SMTP.Client working? And if so, how did you do it?
>>>
>> Yes.
>> I use Amazon as mailer - like this. Shortened version so it might not
>> compile. I think you need the Ada.Directories.Set_Directory statement
>> just as I need it.
>>
>> in the directory I set , I have the cert.pem I'd like to use
> 
> Is cert.pem a client certificate that will be passed to the server, or is it a server certificate the client uses to validate the server?
> 



Actually - lookin closer - it is the cert.pem that was distributed with 
AWS 1.2.
That is longtime ago...

Obviously Amazon does not care. Auth is then via the lines
   Auth : aliased constant SMTP.Authentication.Plain.Credential :=
                                   SMTP.Authentication.Plain.Initialize 
("AKFCAWS_IS_A_MAILSERVERT",        "BOYbIsome-chars-from-amazomFDWW");


I could not find it on github now - so I mailed you the one I got


-- 
Björn

Re: AWS.SMTP.Client secure mode

[philip...@gmail.com]

> Obviously Amazon does not care. Auth is then via the lines
> Auth : aliased constant SMTP.Authentication.Plain.Credential := 
> SMTP.Authentication.Plain.Initialize 
> ("AKFCAWS_IS_A_MAILSERVERT", "BOYbIsome-chars-from-amazomFDWW");
> I could not find it on github now - so I mailed you the one I got 

OK,  so your cert.pem works with my email provider.  But I don't understand why it works, epecially since your certificate appears to have expired almost 13 years ago.