fetchmail ssl certificate verification problem in FreeBSD 8.1
Dan Strick
mla_strick at att.net
Sun Aug 15 20:04:49 UTC 2010
I just installed FreeBSD release 8.1 and rebuilt the fetchmail port.
Now I get messages like these when I run fetchmail:
fetchmail: Warning: the connection is insecure, continuing anyways.
(Better use --sslcertck!)
fetchmail: No mail for whoever at att.net at att
fetchmail: Server certificate verification error: unable to get local
issuer certificate
fetchmail: This means that the root signing certificate (issued for
/C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo
/CN=pop.att.yahoo.com) is not in the trusted CA certificate
locations, or that c_rehash needs to be run on the certificate
directory. For details, please see the documentation of
--sslcertpath and --sslcertfile in the manual page.
fetchmail: Server certificate verification error: certificate not trusted
fetchmail: Server certificate verification error: unable to verify the
first certificate
I just rebooted my old FreeBSD 8.0 system and verified that the old
fetchmail does not complain about this. My .fetchmailrc file has not
changed. It looks something like this:
poll att via pop.att.yahoo.com proto pop3
user "whoever at att.net" pass "whatever" is "mla" ssl
I can get rid of the message by removing the ssl option from the user
line but then fetchmail would not even try to use ssl. Why would the
old fetchmail be better able to verify the server's ssl certificate?
Has openssl changed? Where is the openssl certificate directory and why
should the information needed to verify the server's certificate be
found on my machine? Doesn't the openssl library contain something
like a hardwired list of well known certificate authority systems?
Thanks for any information you can provide.
Dan Strick
mla_strick at att.net
More information about the freebsd-questions
mailing list