Menu
▾
▴
Re: [Fetchmail-users] ssl config
|
From: Joe Acquisto-j. <jo...@j4...> - 2015-05-09 00:02:42
|
>>> On 5/8/2015 at 7:09 PM, "Joe Acquisto-j4" <jo...@j4...> wrote: >>>> On 5/8/2015 at 10:41 AM, Matthias Andree <mat...@gm...> wrote: >> Am 07.05.2015 um 22:20 schrieb Joe Acquisto-j4: >>>>>> Matthias Andree <mat...@gm...> 05/07/15 2:51 PM >>> >>> Am 07.05.2015 um 01:09 schrieb Joe Acquisto-j4: >>>> As my provider is soon going exclusively to ssl/tls, I need to finally get >> fetchmail configured correctly for certs. >>>> >>>> I am seeing this: fetchmail: Server certificate verification error: >> certificate signature failure >>>> >>>> I checked and the cert is expired. Could that be it? >>>> >>>> Also, my fetchmail is probably well out of date, and I expect some public >> shaming, so to facilitate that: >>>> >>>> This is fetchmail release >> 6.3.2+POP2+IMAP-GSS+RPA+NTLM+SDPS+SSL+OPIE+SOCKS+NLS >>>> >>>> I am prepared. I think. >>> >>> I think I fixed certificate-check-related bugs in the 24 releases since >>> then... but with expired certificates the provider is putting shame on >>> itself, too. >>> >>> Twenty four since the version I'm using? (look of shame). >>> >>> Anyway, the error message is related to the *providers* cert, not me? >> >> First of all, use mail software that can attribute and indent quoted >> material properly. >> >> Then, yes, it's time to upgrade - I do not recall what 6.3.2 did wrong, >> and I am inclined to let people (i. e. you) read the NEWS file of a >> newer version by themselves to figure out what got repaired... >> at the very least, you will get clearer SSL/TLS error reporting out of >> newer versions, so you can then assess the situation better. >> > > So running 6.3.26 now. Downloaded it a while back, actually, > > > Below is a snippet: > > fetchmail: POP3< . > fetchmail: POP3> STLS > fetchmail: POP3< +OK Begin TLS negotiation now. > fetchmail: Issuer Organization: GeoTrust, Inc. > fetchmail: Issuer CommonName: RapidSSL CA > fetchmail: Server CommonName: *.myisp.com > fetchmail: Subject Alternative Name: *.myisp.com > fetchmail: Subject Alternative Name: myisp.com > fetchmail: mail.bravehost.com key fingerprint: > xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx > fetchmail: Server certificate verification error: certificate signature > failure > fetchmail: POP3> CAPA > fetchmail: POP3< +OK > > > Mail does get fetched and delivers locally as before. The other end is, > supposedly, configured to do ssl/tls only. May I infer (correctly!) > it is using TLS despite the message? > > joe a > > Message seems to have been sorted by adding this to each fetch line in .fetchmailrc : sslfingerprint "the.cert.sig" sslcertpath /my/path/to/certs joe a. |
