Date: Mon, 16 Aug 2010 09:10:49 -0300 (ADT) From: "A. Wright" <andrew@qemg.org> To: RW <rwmaillists@googlemail.com> Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: fetchmail ssl certificate verification problem in FreeBSD 8.1 Message-ID: <alpine.BSF.2.00.1008160848520.35819@qemg.org> In-Reply-To: <20100816015747.112bfcb8@gumby.homeunix.com> References: <201008152235.o7FMZ2X2049722@mist.nodomain> <20100816015747.112bfcb8@gumby.homeunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 15 Aug 2010, RW wrote: > On Sun, 15 Aug 2010 Dan Strick <mla_strick@att.net> wrote: > >> That explains the problem. >> I copied the file /usr/local/share/certs/ca-root-nss.crt from my old >> FreeBSD release-8.0 system and hooked it up to fetchmail with the >> fetchmail sslcertfile option. At least fetchmail is now happy. > > You'd be better off installing security/ca_root_nss otherwise you'll be > stuck with a stale file. > > I don't know why you don't have it, it's a dependency of fetchmail and > many other ports. This thread caused me to look at my maillog, and I see the same issue. The fetchmail port has correctly installed security/ca_root_nss, and pkg_which reports the file in /usr/local/share/certs as having the origin ca_root_nss-3.12.4, however fetchmail isn't looking at it. Looking at the fetchmail code, there is no value set for ctl->sslcertfile. I'm not sure what fetchmail's behaviour was prior to 8.1, so I do not know whether this has changed. I don't have a pre-8.1 install handy -- if the OP does, I'd be interested in knowing whether the string "SSL trusted certificate file:" appears in the output of env LC_ALL=C fetchmail -V -v --nodetach --nosyslog and if so, what filename appears after the colon. A.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1008160848520.35819>