fetchmail ssl certificate verification problem in FreeBSD 8.1
Erik Norgaard
norgaard at locolomo.org
Sun Aug 15 20:36:28 UTC 2010
On 15/08/10 21.38, Dan Strick wrote:
> I can get rid of the message by removing the ssl option from the user
> line but then fetchmail would not even try to use ssl. Why would the
> old fetchmail be better able to verify the server's ssl certificate?
> Has openssl changed? Where is the openssl certificate directory and why
> should the information needed to verify the server's certificate be
> found on my machine? Doesn't the openssl library contain something
> like a hardwired list of well known certificate authority systems?
A little bit of searching around I found this (I don't know since when):
# less /usr/src/crypto/openssl/certs/README.RootCerts
The OpenSSL project does not (any longer) include root CA certificates.
Please check out the FAQ:
* How can I set up a bundle of commercial root CA certificates?
The FAQ is here:
/usr/src/crypto/openssl/FAQ
Also, you might find this interesting:
http://fetchmail.berlios.de/fetchmail-man.html#19
Check your fetchmail settings for sslcertck, maybe it's a compile time
option to enable this by default.
Fetchmail depends on ca_root_nss, check that one too.
BR, Erik
More information about the freebsd-questions
mailing list