Bug #28275 TLS is true always and causes a problem if server doesn't support TLS
Submitted: 7 May 2007 9:32 Modified: 20 Dec 2007 17:41
Reporter: Victoria Reznichenko
Status: Closed
Category: MySQL Enterprise Monitor: Web Severity: S2 (Serious)
Version: 1.1.0.4876, 2.0 OS: Any
Assigned to: Mark Matthews CPU Architecture: Any
Tags: mer 120 mer 1.2.1

[7 May 2007 9:32] Victoria Reznichenko
Description:
In Notify.java we have:

final Properties mailProps = new Properties();
mailProps.put("mail.smtp.host", smtpServer);
mailProps.put("mail.smtp.port", port);
// set TLS as true, because if the server does not support it, it should
// at least fall back to non TLS.
mailProps.put("mail.smtp.starttls.enable", Boolean.TRUE.toString());

and if server doesn't support TLS you get an error:

E1507: SMTP send failed - Can't send command to SMTP host; nested exception is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

How to repeat:
Repeated if server doesn't support TLS.

Suggested fix:
Make this parameter tunable.
[16 May 2007 18:31] Gary Whizin
Per Sloan, SMTP spec says TLS is supposed to be "please use if available". Workaround: We can add Merlin server property to globally enable/disable TLS. Won't add UI, but can add doc how to insert property into Merlin schema to disable.
[21 Jun 2007 20:17] Darren Oldag
I'm not convinced TLS has anything to do with this bug.  These are errors in the realm of SSL, and any googling I've done on the issue mentions NOTHING of TLS -- they are not the same thing.
[2 Jul 2007 17:51] Eric Herman
Setting the server property "notification.tls.enabled" to "false" will force the setting of the property to false.

http://localhost:8080/merlin/main?command=set_property&property=notification.tls.enabled&v...
[18 Jul 2007 14:18] Sloan Childers
This is fixed in the ga_20070314_v1.1.0 branch by r6571.  

Author: schilders
Date: 2007-07-11 20:57:39 +0200 (Wed, 11 Jul 2007)
New Revision: 6571

Modified:
   branches/ga_20070314_v1.1.0/server/merlin/WEB-INF/src/com/mysql/merlin/constants/Merlin.java
   branches/ga_20070314_v1.1.0/server/merlin/WEB-INF/src/com/mysql/merlin/server/monitors/dao/Notify.java
   branches/ga_20070314_v1.1.0/server/merlin/WEB-INF/src/com/mysql/merlin/server/notification/NotificationService.java
   branches/ga_20070314_v1.1.0/server/merlin/WEB-INF/src/com/mysql/merlin/server/preferences/PreferencesService.java
   branches/ga_20070314_v1.1.0/server/merlin/WEB-INF/test/com/mysql/merlin/server/monitors/dao/NotifyTest.java
Log:
backport Eric's patch for TLS on/off as a server property to 1.1.1 branch
[27 Jul 2007 18:55] Bill Weber
According to Mark, customer feedback is that this property fixes the problem in 1.2.
[23 Aug 2007 6:43] Domas Mituzas
This is not about 'doesn't support TLS' - it is when the server supports TLS with a self-signed (or other form of non-trusted) certificate.

What I'd suggest - having pure 'disable SSL/TLS' checkbox, then in a test catch the PKI verification exception, and suggest disabling TLS or importing the key to keystore (KB article has to be migrated from internal to external KB). 

This exception comes when the client is already talking SSL/TLS to a server. You can't talk SSL to a server which doesn't support it...
[2 Sep 2007 22:48] Sloan Childers
The 1.2 release has a disable TLS switch in the user interface.
[14 Nov 2007 19:59] Mark Matthews
Looking at the code in the action, it's more than likely it won't work in some situations when the test e-mail fails (which it will, if the TLS option is actually needed). 

The action sets TLS *after* it tries to send the test e-mail, it should probably set it beforehand and revert it if the test e-mail fails.
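An added example, not the Merlin source (class and method names are hypothetical, JavaMail 1.4 assumed): the tunable flag from Eric's fix, a cause-chain check that singles out the PKIX handshake failure Domas describes, and a test send that runs with the candidate setting already applied, as Mark asks, returning false so the caller can revert the setting.

```java
import java.util.Properties;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
import javax.net.ssl.SSLHandshakeException;

// Added example, not the Merlin source: TLS from a tunable flag, the test send
// done with the new setting already applied, and the PKIX failure named.
public class NotifyTlsExample {

    // Replaces the hard-coded Boolean.TRUE with the notification.tls.enabled value.
    static Properties mailProps(String smtpServer, int port, boolean tlsEnabled) {
        Properties p = new Properties();
        p.put("mail.smtp.host", smtpServer);
        p.put("mail.smtp.port", Integer.toString(port));
        // starttls.enable is opportunistic: STARTTLS is only issued if the server
        // advertises it, so a server with no TLS at all never reaches a handshake.
        p.put("mail.smtp.starttls.enable", Boolean.toString(tlsEnabled));
        return p;
    }

    // True when the nested cause is the SSL handshake failure from the report
    // (self-signed or otherwise untrusted certificate), not some other SMTP error.
    static boolean isUntrustedCertFailure(Throwable t) {
        while (t != null) {
            if (t instanceof SSLHandshakeException) return true;
            t = (t instanceof MessagingException)
                    ? ((MessagingException) t).getNextException() : t.getCause();
        }
        return false;
    }

    // Sends the test message with the candidate properties; the caller applies the
    // new TLS setting before calling this and reverts it when false comes back.
    static boolean sendTest(Properties props, String from, String to) {
        try {
            Session session = Session.getInstance(props);
            MimeMessage msg = new MimeMessage(session);
            msg.setFrom(new InternetAddress(from));
            msg.setRecipients(Message.RecipientType.TO, InternetAddress.parse(to));
            msg.setSubject("Notification settings test");
            msg.setText("Test message sent while saving the notification settings.");
            Transport.send(msg);
            return true;
        } catch (MessagingException e) {
            // Tell the admin what to do: import the server certificate into the JVM
            // truststore (keytool -importcert) or turn the TLS setting off.
            System.err.println((isUntrustedCertFailure(e)
                    ? "SMTP certificate not trusted: " : "SMTP test failed: ") + e);
            return false;
        }
    }
}
```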
[14 Nov 2007 20:09] Bill Weber
Based on the comments from Mark above, the workaround for this is to *not* give an email address in "On Save, Send Test Email Message to (optional)" when checking "Disable JavaMail TLS/SSL" and clicking "save".
[15 Nov 2007 7:05] Gilles Massen
To complete the workaround: if you still want to test the config, proceed in 2 steps: first, save *without* sending a test email, and then enter a test email address and save again. Now the TLS setting is applied correctly, and the test email sent.
[17 Nov 2007 0:50] Mark Matthews
Fixed in r8192 (development-1.2.1 i.e. 1.3.0 branch).
[17 Nov 2007 19:05] Sloan Childers
Fixed in 1.3, please reopen to fix in 2.0 once tested.