From: "A. Wright"
To: RW
Cc: "freebsd-questions@freebsd.org"
Date: Mon, 16 Aug 2010 09:10:49 -0300 (ADT)
Subject: Re: fetchmail ssl certificate verification problem in FreeBSD 8.1

On Sun, 15 Aug 2010, RW wrote:

> On Sun, 15 Aug 2010 Dan Strick wrote:
>
>> That explains the problem.
>> I copied the file /usr/local/share/certs/ca-root-nss.crt from my old
>> FreeBSD release-8.0 system and hooked it up to fetchmail with the
>> fetchmail sslcertfile option. At least fetchmail is now happy.
>
> You'd be better off installing security/ca_root_nss otherwise you'll be
> stuck with a stale file.
>
> I don't know why you don't have it, it's a dependency of fetchmail and
> many other ports.

This thread caused me to look at my maillog, and I see the same issue. The fetchmail port has correctly installed security/ca_root_nss, and pkg_which reports the file in /usr/local/share/certs as having the origin ca_root_nss-3.12.4, however fetchmail isn't looking at it. Looking at the fetchmail code, there is no value set for ctl->sslcertfile.

I'm not sure what fetchmail's behaviour was prior to 8.1, so I do not know whether this has changed. I don't have a pre-8.1 install handy -- if the OP does, I'd be interested in knowing whether the string "SSL trusted certificate file:" appears in the output of

    env LC_ALL=C fetchmail -V -v --nodetach --nosyslog

and if so, what filename appears after the colon.

A.
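
The check asked for in the message above, as an added example that is not part of the original message or of fetchmail: a script that reads the output of that command, reports whether an "SSL trusted certificate file:" line is present, and checks that the named file actually contains a certificate. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Feed it the text printed by
#   env LC_ALL=C fetchmail -V -v --nodetach --nosyslog

# Print the path after each "SSL trusted certificate file:" line on stdin.
# Prints nothing when no certificate file is configured.
trusted_certfiles() {
    sed -n 's/^.*SSL trusted certificate file:[[:space:]]*//p'
}

# Classify one path: ok (holds a PEM certificate), missing, or empty.
certfile_status() {
    if [ ! -r "$1" ]; then
        echo missing
    elif grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo ok
    else
        echo empty
    fi
}

# Read fetchmail output on stdin; print "unset" or one "<status> <path>" line
# per configured file. Returns non-zero unless every file is ok.
audit_fetchmail_output() {
    files=$(trusted_certfiles)
    if [ -z "$files" ]; then
        echo unset
        return 1
    fi
    printf '%s\n' "$files" | (
        rc=0
        while IFS= read -r f; do
            s=$(certfile_status "$f")
            echo "$s $f"
            [ "$s" = ok ] || rc=1
        done
        exit "$rc"
    )
}

# Constructed sample: a stand-in bundle and the line naming it.
bundle=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' \
    '-----END CERTIFICATE-----' > "$bundle"
printf '  SSL trusted certificate file: %s\n' "$bundle" | audit_fetchmail_output
# Constructed sample with no such line, as in the situation described above.
printf '  (constructed output without the line)\n' | audit_fetchmail_output ||
    echo "no trusted certificate file configured"
rm -f "$bundle"
```

On a real system, pipe the fetchmail command's output into `audit_fetchmail_output` instead of the constructed samples.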