http://gerrit-documentation.googlecode.com/svn/Documentation/2.3/config-gerrit.html#_a_id_sendemail_a_section_sendemail
sendemail.smtpEncryption
Specify the encryption to use, either ssl or tls.
By default, none, indicating no encryption is used.
Could you describe more? I checked the code, ssl is for direct SSL connection,
tls is for STARTTLS negotiation, these two options are quite different, it's
better to name them "ssl" and "starttls".
I met problem on the TLS encryption way because I use self-signed certificate
for my Exim server, Gerrit throws exception in error_log:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
....
This is because classes in javax.net.ssl package can't verify the the
certificate of SMTP server. I can set sendemail.sslVerify to false
in etc/gerrit.config to bypass it, but I do hope the Gerrit documentation
can mention this problem and provide other choices:
(1) Add this to /etc/default/gerritcodereview, this is read by bin/gerrit.sh.
JAVA_OPTIONS="-Djavax.net.ssl.trustStore=/srv/gerrit/truststore -Djavax.net.ssl.trustStorePassword=changeit"
The password isn't sensitive because the truststore contains only certificate
not private key.
The truststore file is generated by this command:
$ keytool -importcert -alias exim -file /etc/exim4/exim.crt -keystore /srv/gerrit/truststore -storepass changeit
(2) Import the exim.crt into $JAVA_HOME/jre/lib/security/jssecacerts
(3) Import the exim.crt into $JAVA_HOME/jre/lib/security/cacerts
I prefer the first options because it doesn't affect any other Java applications.