Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 7 Jul 2010 15:55:52 -0500
From:      Dan Nelson <dnelson@allantgroup.com>
To:        Marco Beishuizen <mbeis@xs4all.nl>
Cc:        Giorgos Keramidas <keramida@ceid.upatras.gr>, freebsd-questions@freebsd.org
Subject:   Re: fetchmail certificate verification messages
Message-ID:  <20100707205551.GB57389@dan.emsphone.com>
In-Reply-To: <alpine.BSF.2.00.1007072225440.3004@yokozuna.lan>
References:  <alpine.BSF.2.00.1007032332560.2877@yokozuna.lan> <87sk3yv4yq.fsf@kobe.laptop> <20100706053738.GH50409@dan.emsphone.com> <alpine.BSF.2.00.1007072225440.3004@yokozuna.lan>
next in thread | previous in thread | raw e-mail | index | archive | help 
In the last episode (Jul 07), Marco Beishuizen said:
> On Tue, 6 Jul 2010, Dan Nelson wrote:
> 
> > CA Roots are also self-signed, btw :)  Addtrust is a valid CA Root, and is
> > the root for some certificates signed by Network Solutions and Comodo (and
> > probably others).  Marco, the fetchmail manpage mentions a --sslcertfile
> > option; try adding "--sslcertfile /etc/ssl/cert.pem" to force fetchmail to
> > use the ca_root_nss file you installed previously.  IMHO openssl should
> > automatically consult that file, but apparently it doesn't.
> 
> Where do I add the "--sslcertfile" option? I do have a /etc/ssl/cert.pem 
> file and fetchmail is started at boot-time (in rc.conf). The starting 
> script of fetchmail in /usr/local/etc/rc.d/ isn't something to be changed 
> I think. Or do I add the option in the .fetchmailrc file?

It's a commandline option, and from reading the manpage, apparently can be
added to a fetchmailrc:

       Almost all options have a corresponding keyword which can be used
       to declare them in a .fetchmailrc file.
[...]
       --sslcertfile <file>
              (Keyword: sslcertfile, since v6.3.17)
              Sets the file fetchmail uses to look up local certificates. 
	
If you wanted to add it to the commandline, you could put this in your
/etc/rc.conf:  fetchmail_flags="--sslcertfile"



-- 
	Dan Nelson
	dnelson@allantgroup.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100707205551.GB57389>