[Fetchmail-devel] set sha1 fingerprint checking correctly on fetchmail

[Globe T. <its...@ya...>]

Hi, 

My mail service provider gmx.com recently appears to have changed their fingerprint to SHA1 (I am guessing) as a result of which my fetchmail has stopped working.
Here is the fingerprint I get:
$openssl s_client -connect pop.gmx.com:995 | openssl x509 -in /dev/stdin -sha1 -noout -fingerprint
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = GeoTrust Inc., CN = GeoTrust SSL CA - G3
verify return:1
depth=0 C = DE, ST = Rhineland-Palatinate, L = Montabaur, O = 1&1 Mail & Media GmbH, CN = pop.gmx.com
verify return:1
SHA1 Fingerprint=4D:69:52:FB:5F:18:34:5E:02:E2:7D:B5:95:B8:BD:3E:E1:8F:FD:F8



So, I set the following in my .fetchmailrc

sslfingerprint "4D:69:52:FB:5F:18:34:5E:02:E2:7D:B5:95:B8:BD:3E:E1:8F:FD:F8"

but I get the following:
$fetchmail -cv
fetchmail: --check mode enabled, not fetching mail
fetchmail: 6.3.26 querying pop.gmx.com (protocol POP3) at Mon 02 Oct 2017 11:24:50 PM CDT: poll started
Trying to connect to 212.227.17.171/995...connected.
fetchmail: Server certificate:
fetchmail: Issuer Organization: GeoTrust Inc.
fetchmail: Issuer CommonName: GeoTrust SSL CA - G3
fetchmail: Subject CommonName: pop.gmx.com
fetchmail: Subject Alternative Name: pop.gmx.com
fetchmail: pop.gmx.com key fingerprint: 6F:3E:88:EF:14:35:2C:69:7A:22:03:C8:2B:90:B3:8C
fetchmail: pop.gmx.com fingerprints do not match!
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: SSL connection failed.
fetchmail: socket error while fetching from gt...@gm...@pop.gmx.com
fetchmail: 6.3.26 querying pop.gmx.com (protocol POP3) at Mon 02 Oct 2017 11:24:50 PM CDT: poll completed

The fingerprint is quite different from the fingerprint that is reported (and included in my .fetchmailrc). 

What am I doing wrong?
Many thanks for any help!