hostname_check fails in smtp tls handshake

hi ,
I am using Smtp for otp verification , but getting Error sataing that

=NOTICE REPORT==== 23-Apr-2025::12:01:20.298639 ===
TLS client: In state wait_cert at ssl_handshake.erl:2113 generated CLIENT ALERT: Fatal - Handshake Failure
 - {bad_cert,hostname_check_failed}
Failed to send email: {temporary_failure,"40.104.77.82",tls_failed}
 Reason: retries_exceeded

The certificate might not include the correct domain name.
Please let me know how can i resolve this .

I can’t help you on this particular error, but if you don’t need the hostname check you should be able to disable it by passing verify_none as an ssl option.

That would not be the way to disable the hostname check, that disables the whole certifcate path validation and this is probably not what you want. You can disable the host name check by providing the {server_name_indication, disable} as a client option.

2 Likes

Thank you @ingela , it worked .
But will it be safe for Production environment ?

The host name check is not part of the TLS protocol, it is an additional check that has become sort of mandatory for at least HTTPS clients. It checks that the hostname given in the URI does match some value in the certificate. If this is important to your use case or not I cannot say.

Also the hostname check is customizable, look at the documentation for details.

Will through the documents. Thank you for the help. :slightly_smiling_face: :folded_hands: