Menu
▾
▴
Re: [fetchmail-users] unable to get local issuer certificate
|
From: Matthias A. <mat...@gm...> - 2008-09-14 16:05:16
|
Andy Malato <an...@oa...> writes: > ! Date: Fri, 12 Sep 2008 18:23:39 +0200 > ! From: Matthias Andree <mat...@gm...> > ! To: fet...@li... > ! Subject: Re: [fetchmail-users] unable to get local issuer certificate > ! > ! Andy Malato schrieb: > ! > Hello All, > ! > > ! > > ! > I'm currently trying to get fetchmail release 6.3.8+SSL+HESIOD+NLS > ! > working but am running into problems with SSL certificate verification. > ! > > ! > The version of OpenSSL I am using is OpenSSL 0.9.8d on RHEL 4. > ! > > ! > > ! > I have specified the following options in my config file : > ! > > ! > poll mymailhost proto pop3 uidl no dns > ! > user mailuser > ! > sslcertck sslcertpath /usr/share/ssl/certs > ! > > ! > When I invoke fetchmail, I get the following : > ! > > ! > Enter password for mailuser@mymailhost: > ! > fetchmail: 6.3.8 querying mymailhost (protocol POP3) at Fri Sep 12 > ! > 10:59:10 2008: poll started > ! > Trying to connect to 10.0.0.17/995...connected. > ! > fetchmail: Server certificate verification error: unable to get local > ! > issuer certificate > ! > 29071:error:14090086:SSL > ! > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify > ! > failed:s3_clnt.c:843: > ! ... > ! > If I remove the sslcertck option, things work fine. > ! > > ! > > ! > If I run : > ! > > ! > openssl s_client -connect mymailhost:993 -CApath /usr/share/ssl/certs > ! > > ! > Things appear to be OK, i.e., The SSL Handshake completes ok with Verify > ! > return code of 0. Given the three tests pass, I find this strange. Can you run: strace -e trace=file fetchmail -d0 --nodetach -vv and see if it misses files it tries to open? -- Matthias Andree |
