Issue 1213: Gmail TLS auth incorrect
Status:  New
Owner: ----
Reported by simon.lo...@plumbee.co.uk, Dec 16, 2011
Affected Version:

What steps will reproduce the problem?
1.
Mail confuig like this
[sendemail]
	enable = true
	smtpServer = smtp.gmail.com
	smtpServerPort = 587
	smtpEncryption = TLS
	smtpUser = no-one@domain.co.uk   <-- this is the same as server.email btw
	smtpPass = ******
	sslVerify = false
	from = server

now get gerrit to send an email e.g. register new email address


What is the expected output?
  Send an email

 What do you see instead?
from error_log
[2011-12-16 14:43:23,997] ERROR com.google.gerrit.httpd.rpc.account.AccountSecurityImpl : Cannot send email verification message to simon@surf.org.uk
com.google.gerrit.server.mail.EmailException: Connection closed without indication.
	at


Please provide any additional information below.

manual testing shows this
simon@madoka:~$ gnutls-cli --crlf --starttls --port 25 smtp.gmail.com
Resolving 'smtp.gmail.com'...
Connecting to '209.85.229.109:25'...

- Simple Client Mode:

220 mx.google.com ESMTP eo4sm13318686wib.19
ehlo sjjss
250-mx.google.com at your service, [79.173.186.214]
250-SIZE 35882577
250-8BITMIME
250-XXXXXXXA
250 ENHANCEDSTATUSCODES
STARTTLS
502 5.5.1 Unrecognized command. eo4sm13318686wib.19
quit
221 2.0.0 closing connection eo4sm13318686wib.19
- Peer has closed the GnuTLS connection
simon@ubuntu:~$ gnutls-cli --crlf --starttls --port 587 smtp.gmail.com
Resolving 'smtp.gmail.com'...
Connecting to '209.85.229.108:587'...

- Simple Client Mode:

220 mx.google.com ESMTP u5sm14828533wbm.2
ehlo sjsjs
250-mx.google.com at your service, [79.173.186.214]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250 ENHANCEDSTATUSCODES
starttls 
220 2.0.0 Ready to start TLS
ehlo sjsjs
- Peer has closed the GnuTLS connection


So I would suggest the 2nd client.login after starttls in SmtpEmailSender.java is incorrect and should be removed. 

Simon Loader simon@plumbee.co.uk




Dec 16, 2011
#1 simon.lo...@plumbee.co.uk
I think this is the same issue as 1032 but with more detail.
Dec 16, 2011
#3 simon.lo...@plumbee.co.uk
And to prove the point switching to SSL fixes the problem.
Dec 16, 2011
#4 simon.lo...@plumbee.co.uk

Suggested patch

git diff
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/mail/SmtpEmailSender.java b/gerrit-server/src/main/java/com/google/gerrit/server/mail/SmtpEmailSender.java
index f681710..6a7fdbb 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/mail/SmtpEmailSender.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/mail/SmtpEmailSender.java
@@ -244,10 +244,6 @@ public class SmtpEmailSender implements EmailSender {
         if (!client.startTLS(smtpHost, smtpPort, sslVerify)) {
           throw new EmailException("SMTP server does not support TLS");
         }
-        if (!client.login()) {
-          String e = client.getReplyString();
-          throw new EmailException("SMTP server rejected login: " + e);
-        }
       }
 
       if (smtpUser != null && !client.auth(smtpUser, smtpPass)) {