Menu
▾
▴
Re: [Fetchmail-users] fetchmail and ssl certificates
|
From: Matthias A. <mat...@gm...> - 2020-07-02 19:13:05
|
Am 02.07.20 um 15:28 schrieb Ranjan Maitra: > Hi, > > Here is my .fetchmailrc > > set daemon 301 > poll pop.gmx.com > protocol POP3 > service 995 > authenticate password > user "use...@gm..." > ssl > sslfingerprint "5C:6B:60:FE:80:97:0B:13:EB:36:A3:66:48:28:7A:61:5E:B2:25:DA" > mda 'procmail -d %s' > keep > > So, it worked fine till last night, but since this morning, this has not been working. Here is what I get: > > $ fetchmail -c > fetchmail: pop.gmx.com fingerprints do not match! > fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed > fetchmail: pop.gmx.com: SSL connection failed. > fetchmail: socket error while fetching from use...@gm...@pop.gmx.com > > > Here is how I verified my fingerprint: > > ~$ openssl s_client -servername gmx.com -connect pop.gmx.com:995 | openssl x509 -fingerprint -noout > depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA > verify return:1 > depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = GeoTrust RSA CA 2018 > verify return:1 > depth=0 C = DE, ST = Rheinland-Pfalz, L = Montabaur, O = 1&1 Mail & Media GmbH, CN = mout.gmx.com > verify return:1 > SHA1 Fingerprint=5C:6B:60:FE:80:97:0B:13:EB:36:A3:66:48:28:7A:61:5E:B2:25:DA > > Any suggestions as to what I am doing wrong? > > I am on F32 (fully updated) which has fetchmail-6.4.1 and openssl-1:1.1.1g. > > Many thanks, > Ranjan Perhaps they have corrected the issue, because I currently get this with -cvv and the subjectAltName seems to cover their usage. ... fetchmail: Server certificate: fetchmail: Issuer Organization: DigiCert Inc fetchmail: Issuer CommonName: GeoTrust RSA CA 2018 fetchmail: Subject CommonName: mout.gmx.com fetchmail: Subject Alternative Name: mout.gmx.com fetchmail: Subject Alternative Name: mail.gmx.com fetchmail: Subject Alternative Name: mx00.gmx.com fetchmail: Subject Alternative Name: mx01.gmx.com fetchmail: Subject Alternative Name: pop.gmx.com fetchmail: Subject Alternative Name: imap.gmx.com fetchmail: Subject Alternative Name: smtp.gmx.com fetchmail: pop.gmx.com key fingerprint: A5:6D:6D:D4:2D:BE:4D:F5:0A:3A:DD:3E:A6:C2:D3:E8 fetchmail: SSL/TLS: using protocol TLSv1.3, cipher TLS_AES_256_GCM_SHA384, 256/256 secret/processed bits fetchmail: POP3< +OK POP server ready H migmx003 1M7L3e-1jjMxZ1u5E-007l8Y ... |
