Re: [fetchmail-users] Fetchmail 6.3.0 released

[Rob M. <rob...@gm...>]

On 07/12/05, Matthias Andree <mat...@gm...> wrote:
>
> Please drop the attached patch-file into your
> ports/mail/fetchmail/files/ directory (as patch-socket.c) and rebuild
> (aka "make clean && make all deinstall install clean") then let me know
> if your problem is fixed.

That didn't (quite) do it I'm afraid:

fetchmail: Server certificate verification error: unable to get local
issuer certificate
fetchmail: Server certificate verification error: certificate not trusted
fetchmail: Server certificate verification error: unable to verify the
first certificate

I still need "ssl sslcertpath /usr/local/openssl/certs" in my
fetchmailrc to get it to work.

Now, checking the libraries fetchmail is linked against the system
openssl, whereas c_rehash is coming from the port install of openssl. 
Having finally found the c_rehash tool in the FreeBSD source tree I
worked out where it expected the certificates (/usr/local/ssl/certs,
when /usr/local/ssl doesn't exist), but that made no difference
either.

So, finally digging through a truss shows that fetchmail/system
openssl is looking in /etc/ssl/certs (which doesn't exist), not
/usr/local/<anything>.  Nice consistency :-)

One sym-link later and all is working as it should.  Not sure how you
could patch for this though - the whole openssl install is a bit of a
mess, with the system tools looking in 2 different locations and the
port in another.

--
                 Please keep list traffic on the list.
Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche