
I have Mono (version 4.2.1) code running on Ubuntu 16.04.2 LTS; that code's trying and failing to send email using Amazon SES. From other searches I read that the error is due to certificates not being present in Mono's trust store. The command to fix this being:

mozroots --import --ask-remove

followed by:

certmgr -ssl smtps://email-smtp.eu-west-1.amazonaws.com:587

(since email-smtp.eu-west-1.amazonaws.com is the SMTP server I'm using; on port 587)

The first command works fine and imported 162 certificates to my store. The second command fails with an exception. What am I doing wrong?

Here's the stack trace:

Unhandled Exception:
System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (IAsyncResult asyncResult) <0x402e7020 + 0x00132> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (IAsyncResult ar, Boolean ignoreEmpty) <0x402e6f50 + 0x00031> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (IAsyncResult result) <0x402e3aa0 + 0x00225> in <filename unknown>:0
  --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (IAsyncResult result) <0x402e7cf0 + 0x000ec> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) <0x402e7a40 + 0x0007f> in <filename unknown>:0
  --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.EndNegotiateHandshake (Mono.Security.Protocol.Tls.InternalAsyncResult asyncResult) <0x402e1190 + 0x0007b> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.NegotiateHandshake () <0x402da8b0 + 0x000b6> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.Write (System.Byte[] buffer, Int32 offset, Int32 count) <0x402da4d0 + 0x000af> in <filename unknown>:0
  at System.IO.StreamWriter.Flush (Boolean flushStream, Boolean flushEncoder) <0x7f07ce354da0 + 0x000fa> in <filename unknown>:0
  at System.IO.StreamWriter.Flush () <0x7f07ce354d70 + 0x0001f> in <filename unknown>:0
  at Mono.Tools.CertificateManager.GetCertificatesFromSslSession (System.String url) <0x402a43e0 + 0x00357> in <filename unknown>:0
  at Mono.Tools.CertificateManager.Ssl (System.String host, Boolean machine, Boolean verbose) <0x402a39f0 + 0x0013a> in <filename unknown>:0
  at Mono.Tools.CertificateManager.Main (System.String[] args) <0x4029ed70 + 0x004f0> in <filename unknown>:0
[ERROR] FATAL UNHANDLED EXCEPTION: System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (IAsyncResult asyncResult) <0x402e7020 + 0x00132> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (IAsyncResult ar, Boolean ignoreEmpty) <0x402e6f50 + 0x00031> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (IAsyncResult result) <0x402e3aa0 + 0x00225> in <filename unknown>:0
  --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (IAsyncResult result) <0x402e7cf0 + 0x000ec> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) <0x402e7a40 + 0x0007f> in <filename unknown>:0
  --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.EndNegotiateHandshake (Mono.Security.Protocol.Tls.InternalAsyncResult asyncResult) <0x402e1190 + 0x0007b> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.NegotiateHandshake () <0x402da8b0 + 0x000b6> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.Write (System.Byte[] buffer, Int32 offset, Int32 count) <0x402da4d0 + 0x000af> in <filename unknown>:0
  at System.IO.StreamWriter.Flush (Boolean flushStream, Boolean flushEncoder) <0x7f07ce354da0 + 0x000fa> in <filename unknown>:0
  at System.IO.StreamWriter.Flush () <0x7f07ce354d70 + 0x0001f> in <filename unknown>:0
  at Mono.Tools.CertificateManager.GetCertificatesFromSslSession (System.String url) <0x402a43e0 + 0x00357> in <filename unknown>:0
  at Mono.Tools.CertificateManager.Ssl (System.String host, Boolean machine, Boolean verbose) <0x402a39f0 + 0x0013a> in <filename unknown>:0
  at Mono.Tools.CertificateManager.Main (System.String[] args) <0x4029ed70 + 0x004f0> in <filename unknown>:0

1 Answer


One of the common failures of certmgr is not running it with sudo. It produces that exception, which is really misleading.

On macOS/Linux:

certmgr -ssl smtps://email-smtp.eu-west-1.amazonaws.com:587

will produce the exact error you posted.

Using sudo:

sudo certmgr -ssl smtps://email-smtp.eu-west-1.amazonaws.com:587

results in:

X.509 Certificate v3
   Issued from: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
   Issued to:   C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
   Valid from:  5/21/2002 4:00:00 AM
   Valid until: 8/21/2018 4:00:00 AM
   *** WARNING: Certificate signature is INVALID ***
Import this certificate into the CA store ?yes

X.509 Certificate v3
   Issued from: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
   Issued to:   C=US, O=Google Inc, CN=Google Internet Authority G2
   Valid from:  4/1/2015 12:00:00 AM
   Valid until: 12/31/2017 11:59:59 PM
   *** WARNING: Certificate signature is INVALID ***
Import this certificate into the CA store ?yes

X.509 Certificate v3
   Issued from: C=US, O=Google Inc, CN=Google Internet Authority G2
   Issued to:   C=US, S=California, L=Mountain View, O=Google Inc, CN=smtp.gmail.com
   Valid from:  4/12/2017 1:28:00 PM
   Valid until: 7/5/2017 1:28:00 PM
Import this certificate into the AddressBook store ?yes

3 certificates added to the stores.

Note: Make sure you are answering yes to the import question.
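
A way to review what `certmgr -ssl` offers before answering yes, as an added example that is not part of the original answer: it parses the prompt text shown above (two entries embedded as a sample) and lists entries that carry the signature warning, are past their validity date, or, for the entry offered to the AddressBook store, have a CN different from the host that was requested. The function names, the `today` parameter and the CN-only comparison (the output shows no subject alternative names) are assumptions of this example.

```python
import re
from datetime import datetime

# Sample input: first and last entries of the certmgr output quoted in the answer.
SAMPLE = """\
X.509 Certificate v3
   Issued from: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
   Issued to:   C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
   Valid from:  5/21/2002 4:00:00 AM
   Valid until: 8/21/2018 4:00:00 AM
   *** WARNING: Certificate signature is INVALID ***
Import this certificate into the CA store ?yes

X.509 Certificate v3
   Issued from: C=US, O=Google Inc, CN=Google Internet Authority G2
   Issued to:   C=US, S=California, L=Mountain View, O=Google Inc, CN=smtp.gmail.com
   Valid from:  4/12/2017 1:28:00 PM
   Valid until: 7/5/2017 1:28:00 PM
Import this certificate into the AddressBook store ?yes
"""

def parse_certmgr(text):
    # One dict per certificate block printed by `certmgr -ssl`.
    certs = []
    for block in re.split(r"(?m)^X\.509 Certificate v\d+$", text)[1:]:
        field = lambda name: re.search(rf"{name}:\s*(.+)", block).group(1).strip()
        certs.append({
            "subject": field("Issued to"),
            "not_after": datetime.strptime(field("Valid until"), "%m/%d/%Y %I:%M:%S %p"),
            "warned": "signature is INVALID" in block,
            "store": re.search(r"into the (\w+) store", block).group(1),
        })
    return certs

def review(certs, expected_host, today):
    # Returns (subject CN, reasons) for each entry worth a look before importing.
    now = datetime.fromisoformat(today)
    findings = []
    for c in certs:
        cn = re.search(r"CN=([^,]+)", c["subject"]).group(1)
        # Assumption: the entry offered to AddressBook is the server's own certificate.
        is_leaf = c["store"] == "AddressBook"
        reasons = [msg for hit, msg in (
            (c["warned"], "certmgr signature warning"),
            (c["not_after"] < now, "expired"),
            (is_leaf and cn.lower() != expected_host.lower(), "CN mismatch"),
        ) if hit]
        if reasons:
            findings.append((cn, reasons))
    return findings
```

Save the real prompt text to a file, pass its contents to `parse_certmgr`, and call `review` with the SMTP host from the `certmgr -ssl` URL and the current date.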