Date: Wed, 7 Jul 2010 15:55:52 -0500 From: Dan Nelson <dnelson@allantgroup.com> To: Marco Beishuizen <mbeis@xs4all.nl> Cc: Giorgos Keramidas <keramida@ceid.upatras.gr>, freebsd-questions@freebsd.org Subject: Re: fetchmail certificate verification messages Message-ID: <20100707205551.GB57389@dan.emsphone.com> In-Reply-To: <alpine.BSF.2.00.1007072225440.3004@yokozuna.lan> References: <alpine.BSF.2.00.1007032332560.2877@yokozuna.lan> <87sk3yv4yq.fsf@kobe.laptop> <20100706053738.GH50409@dan.emsphone.com> <alpine.BSF.2.00.1007072225440.3004@yokozuna.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Jul 07), Marco Beishuizen said: > On Tue, 6 Jul 2010, Dan Nelson wrote: > > > CA Roots are also self-signed, btw :) Addtrust is a valid CA Root, and is > > the root for some certificates signed by Network Solutions and Comodo (and > > probably others). Marco, the fetchmail manpage mentions a --sslcertfile > > option; try adding "--sslcertfile /etc/ssl/cert.pem" to force fetchmail to > > use the ca_root_nss file you installed previously. IMHO openssl should > > automatically consult that file, but apparently it doesn't. > > Where do I add the "--sslcertfile" option? I do have a /etc/ssl/cert.pem > file and fetchmail is started at boot-time (in rc.conf). The starting > script of fetchmail in /usr/local/etc/rc.d/ isn't something to be changed > I think. Or do I add the option in the .fetchmailrc file? It's a commandline option, and from reading the manpage, apparently can be added to a fetchmailrc: Almost all options have a corresponding keyword which can be used to declare them in a .fetchmailrc file. [...] --sslcertfile <file> (Keyword: sslcertfile, since v6.3.17) Sets the file fetchmail uses to look up local certificates. If you wanted to add it to the commandline, you could put this in your /etc/rc.conf: fetchmail_flags="--sslcertfile" -- Dan Nelson dnelson@allantgroup.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100707205551.GB57389>