Menu
▾
▴
Re: [fetchmail-users] SSL authentication problems with Gmail
|
From: Matthias A. <mat...@gm...> - 2006-01-04 17:28:57
|
Sebastian Tennant <se...@sm...> writes: >>> OK, added another `-v' and it just lists the Thawte server as well... >>> >>> fetchmail[4584]: starting fetchmail 6.3.1 daemon >>> fetchmail[4584]: 6.3.1 querying pop.googlemail.com (protocol POP3) at Wed Jan 4 11:47:17 2006: poll started >>> fetchmail[4584]: Issuer Organization: Thawte Consulting cc >>> fetchmail[4584]: Issuer CommonName: Thawte Premium Server CA >>> fetchmail[4584]: Server CommonName: pop.googlemail.com >>> fetchmail[4584]: pop.googlemail.com key fingerprint: 46:8B:6C:F4:3E:4C:56:29:83:54:2C:37:42:F1:67:80 >>> fetchmail[4584]: 6.3.1 querying pop.googlemail.com (protocol POP3) at Wed Jan 4 11:47:18 2006: poll completed >>> fetchmail[4584]: Query status=2 (SOCKET) >>> fetchmail[4584]: sleeping at Wed Jan 4 11:47:18 2006 >> >>Looks like it never talks to the POP server. Can you drop the "port >>995" and "sslcertck" options from your fetchmailrc and see what you >>get. > > Removed these lines and it works. Thanks to everyone who helped. Well, I checked the source code and found no code path where SSL certificate verification would fail without leaving log messages, such as 1. the actual error and 2. "SSL connection failed". POP3 was configured explicitly, so "port 995" forth or back doesn't make a difference either -- removing this option can only make things worse, not better. Remains the question after sslcertck -- it will log trouble, too, EXCEPT if a certificate at greater depth causes a preverification failure without setting the error code in the X.509 context variables (and we'd still get "SSL connection failed" in this case). It appears as though the server dropped the connection after the SSL negotiation and before the greeting, or that your log information is incomplete. Your logging appears to be from syslog, so could you post your syslog.conf or syslog-ng.conf (whichever you're *actually* using)? Do you get more detailed logging with "fetchmail --nosyslog -vv -N -d0 --sslcertck --port 995"? Can you try running this and see if you still get socket errors and if so, which errors they print? Thanks in advance, -- Matthias Andree |
