From: Matthias A. <mat...@gm...> - 2022-03-12 00:06:44
On 11.03.22 at 22:59, Jon Brinkmann wrote:
> Thanks!
>
> I got it working, with one additional step. The depth=2 SSL certificate for
> icloud.com is self-signed, so fetchmail refuses the SSL connection. I found
> the solution at:
>
> https://geekmush.wordpress.com/2007/06/29/how-to-make-fetchmail-happy-with-the-servers-ssl-cert/

Congratulations, you have just installed some attacker's CA certificates.

That is not a solution, but unsafe garbage. Please everyone remove the certificates you have installed that way.

Instead, install your distribution's default Mozilla certificate package. Depending on your distribution, it might be called ca-certificates or ca_root_nss or similar.

Explanation: The root CA certificate (Equifax's in that example on the website) MUST be obtained via a SECURE separate channel and NOT from the connection. There are SSL tools (for instance, SSLsplit) that will generate such CA certificates on the fly to crack the encrypted connection and you could not tell from the name that this is happening. This is typical for anti-virus/web security gateways/firewalls and of course also in malicious attacks.
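The point about names in the message above, as an added example that is not part of the original post or of fetchmail: two constructed root CAs carry an identical subject name, and only the choice of trust anchor decides whether the look-alike chain validates. The names `Example Root CA` and `mail.example.test`, the directory names and the helper functions are assumptions made for the demonstration; it needs only the `openssl` command-line tool.

```shell
#!/bin/sh
# Constructed demo: two root CAs with the SAME subject name but different keys.
# "distro" stands in for a root obtained from the distribution's CA package,
# "onthefly" for a CA that an intercepting box generated and sent in-band.
set -e

make_ca() {    # make_ca <dir>: self-signed CA with a fixed, constructed name
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example Trust/CN=Example Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

make_leaf() {  # make_leaf <dir>: server certificate signed by the CA in <dir>
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

subject()     { openssl x509 -in "$1" -noout -subject; }
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

verify_with() {  # verify_with <trusted-ca.pem> <leaf.pem>
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    then echo accepted
    else echo rejected
    fi
}

d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
for ca in distro onthefly; do make_ca "$d/$ca"; make_leaf "$d/$ca"; done

echo "names:  $(subject "$d/distro/ca.pem") | $(subject "$d/onthefly/ca.pem")"
echo "distro   $(fingerprint "$d/distro/ca.pem")"
echo "onthefly $(fingerprint "$d/onthefly/ca.pem")"
# Trust anchor from the package: the look-alike chain does not validate.
echo "package root vs look-alike leaf: $(verify_with "$d/distro/ca.pem" "$d/onthefly/leaf.pem")"
# Trust anchor copied from the connection: the same chain now validates.
echo "in-band root vs look-alike leaf: $(verify_with "$d/onthefly/ca.pem" "$d/onthefly/leaf.pem")"
```

The two subject lines are identical while the SHA-256 fingerprints differ, so a fingerprint is only meaningful when the reference value comes from a channel other than the connection being checked.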