From: Andy M. <an...@oa...> - 2008-09-26 21:26:19
! Date: Sun, 14 Sep 2008 16:05:11 +0200
! From: Matthias Andree <mat...@gm...>
! To: Andy Malato <an...@oa...>
! Cc: fet...@li...
! Subject: Re: [fetchmail-users] unable to get local issuer certificate
!
! Andy Malato <an...@oa...> writes:
!
! > ! Date: Fri, 12 Sep 2008 18:23:39 +0200
! > ! From: Matthias Andree <mat...@gm...>
! > ! To: fet...@li...
! > ! Subject: Re: [fetchmail-users] unable to get local issuer certificate
! > !
! > ! Andy Malato schrieb:
! > ! > Hello All,
! > ! >
! > ! >
! > ! > I'm currently trying to get fetchmail release 6.3.8+SSL+HESIOD+NLS
! > ! > working but am running into problems with SSL certificate verification.
! > ! >
! > ! > The version of OpenSSL I am using is OpenSSL 0.9.8d on RHEL 4.
! > ! >
! > ! >
! > ! > I have specified the following options in my config file :
! > ! >
! > ! > poll mymailhost proto pop3 uidl no dns
! > ! > user mailuser
! > ! > sslcertck sslcertpath /usr/share/ssl/certs
! > ! >
! > ! > When I invoke fetchmail, I get the following :
! > ! >
! > ! > Enter password for mailuser@mymailhost:
! > ! > fetchmail: 6.3.8 querying mymailhost (protocol POP3) at Fri Sep 12
! > ! > 10:59:10 2008: poll started
! > ! > Trying to connect to 10.0.0.17/995...connected.
! > ! > fetchmail: Server certificate verification error: unable to get local
! > ! > issuer certificate
! > ! > 29071:error:14090086:SSL
! > ! > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
! > ! > failed:s3_clnt.c:843:
! > ! ...
! > ! > If I remove the sslcertck option, things work fine.
! > ! >
! > ! >
! > ! > If I run :
! > ! >
! > ! > openssl s_client -connect mymailhost:993 -CApath /usr/share/ssl/certs
! > ! >
! > ! > Things appear to be OK, i.e., The SSL Handshake completes ok with Verify
! > ! > return code of 0.
!
! Given the three tests pass, I find this strange. Can you run:
!
! strace -e trace=file fetchmail -d0 --nodetach -vv
!
! and see if it misses files it tries to open?

Thanks, and sorry for the delayed reply. I have listed the output of
strace below. From what I can see, it seems to be looking for
ed524cf5.1 which doesn't exist. I'm not sure why it is looking for
this?

yellow-92 certs>: strace -e trace=file fetchmail -d0 --nodetach -vv
execve("/usr/local/bin/fetchmail", ["fetchmail", "-d0", "--nodetach", "-vv"], [/* 39 vars */]) = 0
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/usr/lib64/libhesiod.so.0", O_RDONLY) = 3
open("/lib64/libcrypt.so.1", O_RDONLY) = 3
open("/lib64/libresolv.so.2", O_RDONLY) = 3
open("/lib64/libssl.so.4", O_RDONLY) = 3
open("/lib64/libcrypto.so.4", O_RDONLY) = 3
open("/lib64/tls/libc.so.6", O_RDONLY) = 3
open("/usr/lib64/libgssapi_krb5.so.2", O_RDONLY) = 3
open("/usr/lib64/libkrb5.so.3", O_RDONLY) = 3
open("/lib64/libcom_err.so.2", O_RDONLY) = 3
open("/usr/lib64/libk5crypto.so.3", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY) = 3
open("/usr/lib64/libz.so.1", O_RDONLY) = 3
open("/etc/nsswitch.conf", O_RDONLY) = 3
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib64/libnss_files.so.2", O_RDONLY) = 3
open("/etc/passwd", O_RDONLY) = 3
open("/etc/passwd", O_RDONLY) = 3
stat("/home/guest23/.fetchmailrc", {st_mode=S_IFREG|0710, st_size=255, ...}) = 0
lstat("/home/guest23/.fetchmailrc", {st_mode=S_IFREG|0710, st_size=255, ...}) = 0
open("/home/guest23/.fetchmailrc", O_RDONLY) = 3
open("/etc/passwd", O_RDONLY) = 3
lstat("/home/guest23/.fetchids", {st_mode=S_IFREG|0600, st_size=239, ...}) = 0
lstat("/home/guest23/.fetchids", {st_mode=S_IFREG|0600, st_size=239, ...}) = 0
open("/home/guest23/.fetchids", O_RDONLY) = 3
Old UID list from mymailhost: 9 10 11 12 13 14 15 16 17 18 <empty>
Scratch list of UIDs: <empty>
open("/home/guest23/.netrc", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/home/guest23/.fetchmail.pid", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/dev/tty", O_RDWR) = 3
Enter password for tpine@mymailhost:
open("/home/guest23/.fetchmail.pid", O_WRONLY|O_CREAT|O_EXCL, 0666) = 3
stat("/home/guest23/.fetchmailrc", {st_mode=S_IFREG|0710, st_size=255, ...}) = 0
open("/etc/resolv.conf", O_RDONLY) = 3
open("/etc/localtime", O_RDONLY) = 3
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
fetchmail: 6.3.8 querying mymailhost (protocol POP3) at Fri Sep 26 15:13:52 2008: poll started
open("/etc/services", O_RDONLY) = 3
open("/etc/hosts", O_RDONLY) = 3
open("/etc/hosts", O_RDONLY) = 3
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib64/libnss_dns.so.2", O_RDONLY) = 3
Trying to connect to 128.235.208.17/995...connected.
stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 4
stat("/usr/share/ssl/certs/ed524cf5.0", {st_mode=S_IFREG|0644, st_size=2516, ...}) = 0
open("/usr/share/ssl/certs/ed524cf5.0", O_RDONLY) = 4
stat("/usr/share/ssl/certs/ed524cf5.1", 0x7fbfffa830) = -1 ENOENT (No such file or directory)
fetchmail: Server certificate verification error: unable to get local issuer certificate
30773:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:843:
fetchmail: SSL connection failed.
fetchmail: socket error while fetching from tpine@mymailhost
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
fetchmail: 6.3.8 querying mymailhost (protocol POP3) at Fri Sep 26 15:13:52 2008: poll completed
Merged UID list from mymailhost: 9 = 1 10 = 1 11 = 1 12 = 1 13 = 1 14 = 1 15 = 1 16 = 1 17 = 1 18 = 1 <empty>
fetchmail: Query status=2 (SOCKET)
fetchmail: Writing fetchids file.
unlink("/home/guest23/.fetchids_") = -1 ENOENT (No such file or directory)
open("/home/guest23/.fetchids_", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
rename("/home/guest23/.fetchids_", "/home/guest23/.fetchids") = 0
fetchmail: normal termination, status 2
fetchmail: Writing fetchids file.
unlink("/home/guest23/.fetchids_") = -1 ENOENT (No such file or directory)
open("/home/guest23/.fetchids_", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
rename("/home/guest23/.fetchids_", "/home/guest23/.fetchids") = 0
unlink("/home/guest23/.fetchmail.pid") = 0
yellow-93 certs>:
! --
! Matthias Andree
!
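
Added example (not part of the original messages, and not fetchmail or OpenSSL code): a small parser that pulls the hashed CA directory lookups out of `strace -e trace=file` output and groups them by subject hash. OpenSSL's CApath lookup probes `<hash>.0`, `<hash>.1`, ... and stops at the first name that does not exist; the names `SAMPLE`, `capath_probes` and `summarize` are made up for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the three CApath lines copied from the trace in the message above.
SAMPLE = '''\
stat("/usr/share/ssl/certs/ed524cf5.0", {st_mode=S_IFREG|0644, st_size=2516, ...}) = 0
open("/usr/share/ssl/certs/ed524cf5.0", O_RDONLY) = 4
stat("/usr/share/ssl/certs/ed524cf5.1", 0x7fbfffa830) = -1 ENOENT (No such file or directory)
'''

# syscall("<dir>/<8 hex digits>.<n>", ...) = <ret> [ERRNO ...]
LOOKUP = re.compile(
    r'^(?:stat|stat64|open|openat)\((?:AT_FDCWD, )?'
    r'"(?P<dir>[^"]*)/(?P<hash>[0-9a-f]{8})\.(?P<idx>\d+)"'
    r'.*\)\s+=\s+(?P<ret>-?\d+)(?:\s+(?P<errno>E[A-Z]+))?')

def capath_probes(trace):
    """Map (dir, hash) -> {suffix index: 'found' or the errno name}."""
    probes = defaultdict(dict)
    for line in trace.splitlines():
        m = LOOKUP.match(line.strip())
        if not m:
            continue
        key, idx = (m['dir'], m['hash']), int(m['idx'])
        outcome = 'found' if int(m['ret']) >= 0 else (m['errno'] or 'error')
        # Keep the first failure: stat may succeed and the later open still fail.
        if probes[key].get(idx) in (None, 'found'):
            probes[key][idx] = outcome
    return dict(probes)

def summarize(probes):
    """Per hash: which candidates were loaded and why the probe stopped."""
    report = {}
    for (d, h), seen in probes.items():
        loaded = sorted(i for i, o in seen.items() if o == 'found')
        failed = {i: o for i, o in seen.items() if o != 'found'}
        if any(o != 'ENOENT' for o in failed.values()):
            verdict = 'candidate exists but could not be read'
        elif not loaded:
            verdict = 'no certificate file for this hash'
        else:
            verdict = 'candidates loaded; ENOENT only ends the probe'
        report[h] = {'dir': d, 'loaded': loaded, 'failed': failed, 'verdict': verdict}
    return report

if __name__ == '__main__':
    for h, r in summarize(capath_probes(SAMPLE)).items():
        print(h, r['loaded'], r['failed'], '->', r['verdict'])
```

For the trace above this reports that `ed524cf5.0` was found and opened, and that the miss on `ed524cf5.1` is where the probe ends. The contents of the file that was loaded can be checked with `openssl x509 -noout -subject -issuer -hash -in /usr/share/ssl/certs/ed524cf5.0`.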