[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fetchmail-friends
Subject:    [fetchmail] fetchmail can't verify SSL cert
From:       Guy Middleton <guy () obstruction ! com>
Date:       2003-06-30 18:52:25
[Download RAW message or body]

I am having some trouble getting fetchmail to recogzine my mail provider's SSL
certificate.


Fetchmail -v says this:

fetchmail: Issuer CommonName: Vex.Net
fetchmail: Server CommonName: *.vex.net
fetchmail: mail.vex.net key fingerprint:
6D:1B:5E:CB:ED:15:B3:B4:9F:C6:E9:91:44:28:50:71
fetchmail: Warning: server certificate verification: unable to get local issuer certificate

Using this fetchmailrc:

poll mail.vex.net with proto POP3 no dns localdomains obstruction.com
	user 'username' password 'secret' to * here
	options sslcertpath /home/guy/.certs ssl dropstatus


So I looked in my certificate directory, which looks ok to me (the hash links
are there):

$ ls -l /home/guy/.certs
total 4
lrwxr-xr-x  1 guy  guy    16 Jun 30 12:50 b5554f6f.0 -> mail_vex_net.pem
lrwxr-xr-x  1 guy  guy    18 Jun 30 12:50 bc809cbf.0 -> vex-net_cacert.pem
-rw-r--r--  1 guy  guy  1383 Jun 30 11:54 mail_vex_net.pem
-rw-r--r--  1 guy  guy  1326 Jun 30 12:28 vex-net_cacert.pem
$ 


And OpenSSL likes the the certificate:

$ openssl verify -CApath /home/guy/.certs/  mail_vex_net.pem 
mail_vex_net.pem: OK
$ 
$ openssl x509 -noout -fingerprint -in mail_vex_net.pem
MD5 Fingerprint=6D:1B:5E:CB:ED:15:B3:B4:9F:C6:E9:91:44:28:50:71
$ 


So why does openssl verify like the cert, while fetchmail does not?  I tried
fetchmail 6.2.0 and 6.2.2, I get the same thing with both.

[prev in list] [next in list] [prev in thread] [next in thread]