Re: [fetchmail-users] Fetchmail 6.3.0 released

[Simon B. <ba...@Fr...>]

Matthias Andree wrote:
> Rob MacGregor <rob...@gm...> writes:
> 
> > So, the only way to get it to work is to point /etc/ssl/certs at
> > /usr/local/openssl/certs and use the c_rehash that comes with the port
> > (but given the version differences, I doubt that's a good idea, even
> > if it's what I've done).
> 
> The version differences should not matter, as c_rehash only hashes the
> certificates, i. e. runs openssl against the certificate and creates a
> symlink from XXXXXXXX.N to the actual certificate file, so that access
> is fast.

s/access is fast/the certificates are found/

From my experience without the c_rehash run openssl will fail to find
the certificates:

% ls .certs 
ca.pem       serverca.pem
% fetchmail
fetchmail: Server certificate verification error: unable to get local
issuer certificate
fetchmail: Server certificate verification error: certificate not
trusted
fetchmail: Server certificate verification error: unable to verify the
first certificate
fetchmail: No mail for user at xxxxxxxxxx
^Cfetchmail: terminated with signal 2
% perl /usr/src/crypto/openssl/tools/c_rehash .certs 
Doing .certs
serverca.pem => 55974652.0
ca.pem => 1356e92d.0
% fetchmail                                         
fetchmail: No mail for user at xxxxxxxxxx
^Cfetchmail: terminated with signal 2
% ls .certs 
1356e92d.0   55974652.0   ca.pem       serverca.pem

Excerpt from .fetchmailrc:

options fetchall ssl sslcertpath /home/simon/.certs sslfingerprint '...'

'
> 
> > I'm happy to raise a PR about this as I'd like to see this easier for
> > others to get working - FreeBSD really shouldn't be this hard, that's
> > what Linux is for :-)
>

As previously mentioned, fetchmail-6.3.0_2 and the entry to
ports/UPDATING should make everybody happy.

-- 
Best regards / Viele Grüße,                             ba...@Fr...
 Simon Barner                                                ba...@gm...