如何获取 Mono 4.2 代码以通过 Amazon SES 发送电子邮件？

Question

我在 Ubuntu 16.04.2 LTS 上运行 Mono（4.2.1 版）代码；该代码尝试使用 Amazon SES 发送电子邮件但失败。从其他搜索中，我了解到该错误是由于 mono 的信任库中不存在证书。解决此问题的命令是： mozroots --import --ask-remove

接着是：

certmgr -ssl smtps://email-smtp.eu-west-1.amazonaws.com:587

（因为 email-smtp.eu-west-1.amazonaws.com 是我正在使用的 SMTP 服务器；在端口 587 上）

第一个命令运行良好，并将 162 个证书导入我的商店。 第二个命令失败并出现异常。我究竟做错了什么？

这是堆栈跟踪：

Unhandled Exception:
System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (IAsyncResult asyncResult) <0x402e7020 + 0x00132> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (IAsyncResult ar, Boolean ignoreEmpty) <0x402e6f50 + 0x00031> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (IAsyncResult result) <0x402e3aa0 + 0x00225> in <filename unknown>:0
  --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (IAsyncResult result) <0x402e7cf0 + 0x000ec> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) <0x402e7a40 + 0x0007f> in <filename unknown>:0
  --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.EndNegotiateHandshake (Mono.Security.Protocol.Tls.InternalAsyncResult asyncResult) <0x402e1190 + 0x0007b> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.NegotiateHandshake () <0x402da8b0 + 0x000b6> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.Write (System.Byte[] buffer, Int32 offset, Int32 count) <0x402da4d0 + 0x000af> in <filename unknown>:0
  at System.IO.StreamWriter.Flush (Boolean flushStream, Boolean flushEncoder) <0x7f07ce354da0 + 0x000fa> in <filename unknown>:0
  at System.IO.StreamWriter.Flush () <0x7f07ce354d70 + 0x0001f> in <filename unknown>:0
  at Mono.Tools.CertificateManager.GetCertificatesFromSslSession (System.String url) <0x402a43e0 + 0x00357> in <filename unknown>:0
  at Mono.Tools.CertificateManager.Ssl (System.String host, Boolean machine, Boolean verbose) <0x402a39f0 + 0x0013a> in <filename unknown>:0
  at Mono.Tools.CertificateManager.Main (System.String[] args) <0x4029ed70 + 0x004f0> in <filename unknown>:0
[ERROR] FATAL UNHANDLED EXCEPTION: System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (IAsyncResult asyncResult) <0x402e7020 + 0x00132> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (IAsyncResult ar, Boolean ignoreEmpty) <0x402e6f50 + 0x00031> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (IAsyncResult result) <0x402e3aa0 + 0x00225> in <filename unknown>:0
  --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (IAsyncResult result) <0x402e7cf0 + 0x000ec> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) <0x402e7a40 + 0x0007f> in <filename unknown>:0
  --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.EndNegotiateHandshake (Mono.Security.Protocol.Tls.InternalAsyncResult asyncResult) <0x402e1190 + 0x0007b> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.NegotiateHandshake () <0x402da8b0 + 0x000b6> in <filename unknown>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.Write (System.Byte[] buffer, Int32 offset, Int32 count) <0x402da4d0 + 0x000af> in <filename unknown>:0
  at System.IO.StreamWriter.Flush (Boolean flushStream, Boolean flushEncoder) <0x7f07ce354da0 + 0x000fa> in <filename unknown>:0
  at System.IO.StreamWriter.Flush () <0x7f07ce354d70 + 0x0001f> in <filename unknown>:0
  at Mono.Tools.CertificateManager.GetCertificatesFromSslSession (System.String url) <0x402a43e0 + 0x00357> in <filename unknown>:0
  at Mono.Tools.CertificateManager.Ssl (System.String host, Boolean machine, Boolean verbose) <0x402a39f0 + 0x0013a> in <filename unknown>:0
  at Mono.Tools.CertificateManager.Main (System.String[] args) <0x4029ed70 + 0x004f0> in <filename unknown>:0

Answer 1

certmgr 的常见故障之一是没有使用sudo 运行它。它会生成 Exception，这确实是一种误导。

在 macOS/Linux 上：

certmgr -ssl smtps://email-smtp.eu-west-1.amazonaws.com:587

将产生您发布的确切错误。

使用 sudo：

sudo certmgr -ssl smtps://email-smtp.eu-west-1.amazonaws.com:587

结果：

X.509 Certificate v3
   Issued from: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
   Issued to:   C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
   Valid from:  5/21/2002 4:00:00 AM
   Valid until: 8/21/2018 4:00:00 AM
   *** WARNING: Certificate signature is INVALID ***
Import this certificate into the CA store ?yes

X.509 Certificate v3
   Issued from: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
   Issued to:   C=US, O=Google Inc, CN=Google Internet Authority G2
   Valid from:  4/1/2015 12:00:00 AM
   Valid until: 12/31/2017 11:59:59 PM
   *** WARNING: Certificate signature is INVALID ***
Import this certificate into the CA store ?yes

X.509 Certificate v3
   Issued from: C=US, O=Google Inc, CN=Google Internet Authority G2
   Issued to:   C=US, S=California, L=Mountain View, O=Google Inc, CN=smtp.gmail.com
   Valid from:  4/12/2017 1:28:00 PM
   Valid until: 7/5/2017 1:28:00 PM
Import this certificate into the AddressBook store ?yes

3 certificates added to the stores.

注意：确保您对导入问题回答 yes。