Google's Gmail SMTP SSL has expired (again)

David_Hubbard · April 4, 2015, 7:08pm

It appears something Google allowed to happen in 2008 has happened
again:

# openssl s_client -starttls smtp -connect smtp.gmail.com:587
CONNECTED(00000003)
depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
verify return:1
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2
verify error:num=10:certificate has expired
notAfter=Apr 4 15:15:55 2015 GMT

Just an FYI in case anyone has end users start reporting errors sending
email.

John_L · April 4, 2015, 7:43pm

I get a cert good through Dec 31.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4993746626803195625 (0x454d5a195ce8dee9)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
        Validity
            Not Before: Feb 18 10:19:56 2015 GMT
            Not After : Dec 31 00:00:00 2015 GMT

Job_Snijders3 · April 4, 2015, 7:52pm

Yeah, seems to be fixed now.

Vurt:~ job$ echo QUIT | openssl s_client -verify 6 -connect smtp.gmail.com:465 -showcerts | openssl x509 -noout -dates
    verify depth is 6
    depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
    verify error:num=27:certificate not trusted
    verify return:1
    depth=1 /C=US/O=Google Inc/CN=Google Internet Authority G2
    verify return:1
    depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
    verify return:1
    DONE
    notBefore=Feb 18 10:19:56 2015 GMT
    notAfter=Dec 31 00:00:00 2015 GMT