Menu
▾
▴
Re: [Fetchmail-users] ssl config
|
From: Joe Acquisto-j. <jo...@j4...> - 2015-05-08 23:10:09
|
>>> On 5/8/2015 at 10:41 AM, Matthias Andree <mat...@gm...> wrote: > Am 07.05.2015 um 22:20 schrieb Joe Acquisto-j4: >>>>> Matthias Andree <mat...@gm...> 05/07/15 2:51 PM >>> >> Am 07.05.2015 um 01:09 schrieb Joe Acquisto-j4: >>> As my provider is soon going exclusively to ssl/tls, I need to finally get > fetchmail configured correctly for certs. >>> >>> I am seeing this: fetchmail: Server certificate verification error: > certificate signature failure >>> >>> I checked and the cert is expired. Could that be it? >>> >>> Also, my fetchmail is probably well out of date, and I expect some public > shaming, so to facilitate that: >>> >>> This is fetchmail release > 6.3.2+POP2+IMAP-GSS+RPA+NTLM+SDPS+SSL+OPIE+SOCKS+NLS >>> >>> I am prepared. I think. >> >> I think I fixed certificate-check-related bugs in the 24 releases since >> then... but with expired certificates the provider is putting shame on >> itself, too. >> >> Twenty four since the version I'm using? (look of shame). >> >> Anyway, the error message is related to the *providers* cert, not me? > > First of all, use mail software that can attribute and indent quoted > material properly. > > Then, yes, it's time to upgrade - I do not recall what 6.3.2 did wrong, > and I am inclined to let people (i. e. you) read the NEWS file of a > newer version by themselves to figure out what got repaired... > at the very least, you will get clearer SSL/TLS error reporting out of > newer versions, so you can then assess the situation better. > So running 6.3.26 now. Downloaded it a while back, actually, Below is a snippet: fetchmail: POP3< . fetchmail: POP3> STLS fetchmail: POP3< +OK Begin TLS negotiation now. fetchmail: Issuer Organization: GeoTrust, Inc. fetchmail: Issuer CommonName: RapidSSL CA fetchmail: Server CommonName: *.myisp.com fetchmail: Subject Alternative Name: *.myisp.com fetchmail: Subject Alternative Name: myisp.com fetchmail: mail.bravehost.com key fingerprint: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx fetchmail: Server certificate verification error: certificate signature failure fetchmail: POP3> CAPA fetchmail: POP3< +OK Mail does get fetched and delivers locally as before. The other end is, supposedly, configured to do ssl/tls only. May I infer (correctly!) it is using TLS despite the message? joe a |
