[Fetchmail-users] fetchmail: puts no messages, quits

[lothar <lo...@pr...>]

i have spent hours and days building and rebuilding fetchmail, studying documents and user reports, and fiddling with configuration and settings.

1. why is fetchmail not working?
fetchmail runs silently for maybe 30 seconds, then puts the message shown below and quits.
also there is nothing in the logfile.

2. why do i see no progress messages, when i have put to give them?
there is nothing like:
  fetchmail: 6.3.22 querying someisp.net (protocol POP3) at Tue 31 Jul 2018 02:00:00 UCT: poll started
  Trying to connect to 178.47.11.211/995...connected.

3. i can communicate with the mail provider with openssl to the point where openssl sends
  +OK POP3 ready

4. i can receive and send mail from the mail provider with seamonkey.

5. the file named in the message is
  s3_clnt.c
the search for same at
  https://cygwin.com/packages/
shows
    ...
    openssl-debuginfo-1.0.2o-1 - openssl-debuginfo: Debug info for openssl
s3_clnt.c must be in the main body of openssl code, but it is listed oddly as part of openssl-debuginfo.

6. i built fetchmail with:
  ./configure --with-ssl --bindir=/usr/bin --mandir=/usr/share/man
some of the text from the configure output is shown below.

7. the fact that there are no messages suggests a build error, but i have built the thing more than once.

8. aside from the fact that there are no messages but one, that one complains about certificate verification.
i have changed sslcertpath in ~/.fetchmailrc to:
  /etc/ssl/certs
  /usr/ssl/certs
  /var/lib/fetchmail/certs
all equally in vain.

$ fetchmail -cvvv
4294956672:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:s3_clnt.c:1269:

$ fetchmail -V
This is fetchmail release 6.3.22+SSL+NLS.

Copyright (C) 2002, 2003 Eric S. Raymond
Copyright (C) 2004 Matthias Andree, Eric S. Raymond,
                   Robert M. Funk, Graham Wilson
Copyright (C) 2005 - 2006, 2010 - 2011 Sunil Shetye
Copyright (C) 2005 - 2011 Matthias Andree
Fetchmail comes with ABSOLUTELY NO WARRANTY. This is free software, and you
are welcome to redistribute it under certain conditions. For details,
please see the file COPYING in the source or documentation directory.
This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit. (http://www.openssl.org/)

Fallback MDA: (none)
CYGWIN_NT-10.0 hooha 2.10.0(0.325/5/3) 2018-02-02 15:16 x86_64 Cygwin

Taking options from command line and /home/lam/.fetchmailrc
Logfile is /home/lam/.fetchmaillog
Idfile is /home/lam/.fetchids
Progress messages will be logged via syslog
Fetchmail will forward misaddressed multidrop messages to mh.
Options for retrieving from mi...@us...@mail-olympus.userservices.net:
  True name of server is mail-olympus.userservices.net.
  Protocol is POP3 (using service 995).
  All available authentication methods will be tried.
  SSL encrypted sessions enabled.
  SSL server certificate checking enabled.
  SSL trusted certificate directory: /var/lib/fetchmail/certs
  SSL key fingerprint (checked against the server key): 11:64:3A:38:DC:EB:CF:17:3A:83:E3:33:03:42:EB:94
  Server nonresponse timeout is 300 seconds (default).
  Default mailbox selected.
  Only new messages will be retrieved (--all off).

... ## text omitted

$ cat ~/.fetchmail
poll mail.someisp.net
  proto POP3
  port 995
  user 'la...@so...'
  there with password 'vxxv'
  is 'la...@so...' here
  mda "/usr/bin/procmail -d %T"
options
  no keep
  ssl
  sslcertck
  sslproto tls1
  sslcertpath /var/lib/fetchmail/certs
... ## text omitted

$ openssl s_client -connect mail.someisp.net:995 -showcerts
CONNECTED(00000003)
---
Certificate chain
0 s:/C=CA/ST=Ontario/L=Toronto/O=Tucows Inc/OU=Operations/CN=*.b.hostedemail.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=GeoTrust RSA CA 2018
-----BEGIN CERTIFICATE-----
MIIGDjCCBPagAwIBAgIQB0QktDd1at6/85CVOXSaUjANBgkqhkiG9w0BAQsFADBe
... ## text omitted

$ uname -a
CYGWIN_NT-10.0 hooha 2.10.0(0.325/5/3) 2018-02-02 15:16 x86_64 Cygwin

## in /var/lib/fetchmail/certs:
$ ls -lgGt "--time-style=$TIMESTYLE"
-rw-r--r-- 1 6148 2018.07.31 02:00 mail.someisp.net.pem
lrwxrwxrwx 1   49 2018.07.31 02:00 tls-ca-bundle.pem -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

## mail.userservices.net.pem was created with:
$ openssl s_client -connect mail.someisp.net:995 -showcerts > mail.someisp.net.pem
## tls-ca-bundle.pem is the standard bundled certificates list provided by the ca-certificates package.

## in /wxe/fetchmail/fetchmail-6.3.22
$ grep -ni -e ssl config.h
53:/* Define to 1 if you have the declaration of `SSLv2_client_method', and to 0
55:#define HAVE_DECL_SSLV2_CLIENT_METHOD 1
373:/* Define if you want SSL support compiled in */
374:#define SSL_ENABLE 1

$ grep -i -e ssl config.log
$ ./configure --with-ssl --bindir=/usr/bin --mandir=/usr/share/man
configure:9985: Enabling OpenSSL support in /usr.
configure:9997: checking for additional library dependencies of SSL
configure:10014: gcc -o conftest.exe -g -O2 -I/usr/kerberos/include   -L/usr/lib conftest.c  -L/usr/lib   -lssl -lcrypto  >&5
configure:10039: checking whether SSLv2_client_method is declared
configure:10221: gcc -o conftest.exe -g -O2 -I/usr/kerberos/include   -L/usr/lib conftest.c   -lssl -lcrypto  >&5
#define SSL_ENABLE 1
#define SSL_ENABLE 1
#define HAVE_DECL_SSLV2_CLIENT_METHOD 1
configure:10246: gcc -o conftest.exe -g -O2 -I/usr/kerberos/include   -L/usr/lib conftest.c   -lssl -lcrypto  >&5
| #define SSL_ENABLE 1
| #define SSL_ENABLE 1
| #define HAVE_DECL_SSLV2_CLIENT_METHOD 1
configure:10271: gcc -o conftest.exe -g -O2 -I/usr/kerberos/include   -L/usr/lib conftest.c   -lssl -lcrypto  >&5
| #define SSL_ENABLE 1
| #define SSL_ENABLE 1
| #define HAVE_DECL_SSLV2_CLIENT_METHOD 1
ac_cv_have_decl_SSLv2_client_method=yes
LIBS='  -lssl -lcrypto '
#define SSL_ENABLE 1
#define SSL_ENABLE 1
#define HAVE_DECL_SSLV2_CLIENT_METHOD 1

$ grep -ni -e ssl config.status
442:ac_cs_config="'--with-ssl' '--bindir=/usr/bin' '--mandir=/usr/share/man'"
534:  set X '/bin/sh' './configure'  '--with-ssl' '--bindir=/usr/bin' '--mandir=/usr/share/man' $ac_configure_extra_args --no-create --no-recursion
757:S["LIBS"]="  -lssl -lcrypto "
926:D["SSL_ENABLE"]=" 1"
927:D["SSL_ENABLE"]=" 1"
928:D["HAVE_DECL_SSLV2_CLIENT_METHOD"]=" 1"

Sent with [ProtonMail](https://protonmail.com) Secure Email.