Menu
▾
▴
Re: [Fetchmail-users] fetchmail and ssl certificates
|
From: Ranjan M. <ma...@em...> - 2020-07-07 12:00:26
|
On Thu, 2 Jul 2020 21:13:00 +0200 Matthias Andree <mat...@gm...> wrote: > Am 02.07.20 um 15:28 schrieb Ranjan Maitra: > > Hi, > > > > Here is my .fetchmailrc > > > > set daemon 301 > > poll pop.gmx.com > > protocol POP3 > > service 995 > > authenticate password > > user "use...@gm..." > > ssl > > sslfingerprint "5C:6B:60:FE:80:97:0B:13:EB:36:A3:66:48:28:7A:61:5E:B2:25:DA" > > mda 'procmail -d %s' > > keep > > > > So, it worked fine till last night, but since this morning, this has not been working. Here is what I get: > > > > $ fetchmail -c > > fetchmail: pop.gmx.com fingerprints do not match! > > fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed > > fetchmail: pop.gmx.com: SSL connection failed. > > fetchmail: socket error while fetching from use...@gm...@pop.gmx.com > > > > > > Here is how I verified my fingerprint: > > > > ~$ openssl s_client -servername gmx.com -connect pop.gmx.com:995 | openssl x509 -fingerprint -noout > > depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA > > verify return:1 > > depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = GeoTrust RSA CA 2018 > > verify return:1 > > depth=0 C = DE, ST = Rheinland-Pfalz, L = Montabaur, O = 1&1 Mail & Media GmbH, CN = mout.gmx.com > > verify return:1 > > SHA1 Fingerprint=5C:6B:60:FE:80:97:0B:13:EB:36:A3:66:48:28:7A:61:5E:B2:25:DA > > > > Any suggestions as to what I am doing wrong? > > > > I am on F32 (fully updated) which has fetchmail-6.4.1 and openssl-1:1.1.1g. > > > > Many thanks, > > Ranjan > > Perhaps they have corrected the issue, because I currently get this with > -cvv and the subjectAltName seems to cover their usage. > > ... > fetchmail: Server certificate: > fetchmail: Issuer Organization: DigiCert Inc > fetchmail: Issuer CommonName: GeoTrust RSA CA 2018 > fetchmail: Subject CommonName: mout.gmx.com > fetchmail: Subject Alternative Name: mout.gmx.com > fetchmail: Subject Alternative Name: mail.gmx.com > fetchmail: Subject Alternative Name: mx00.gmx.com > fetchmail: Subject Alternative Name: mx01.gmx.com > fetchmail: Subject Alternative Name: pop.gmx.com > fetchmail: Subject Alternative Name: imap.gmx.com > fetchmail: Subject Alternative Name: smtp.gmx.com > fetchmail: pop.gmx.com key fingerprint: > A5:6D:6D:D4:2D:BE:4D:F5:0A:3A:DD:3E:A6:C2:D3:E8 > fetchmail: SSL/TLS: using protocol TLSv1.3, cipher > TLS_AES_256_GCM_SHA384, 256/256 secret/processed bits > fetchmail: POP3< +OK POP server ready H migmx003 1M7L3e-1jjMxZ1u5E-007l8Y > ... > Thank you for this. I have changed my fingerprint to match what you write, and this seems to work. It is interesting why the other command gives an incorrect fingerprint. Thanks again and best wishes, Ranjan -- Important Notice: This mailbox is ignored: e-mails are set to be deleted on receipt. Please respond to the mailing list if appropriate. For those needing to send personal or professional e-mail, please use appropriate addresses. |
