From owner-freebsd-questions@FreeBSD.ORG Sun Aug 15 20:04:49 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6A98B1065670 for ; Sun, 15 Aug 2010 20:04:49 +0000 (UTC) (envelope-from mla_strick@att.net) Received: from smtp125.sbc.mail.sp1.yahoo.com (smtp125.sbc.mail.sp1.yahoo.com [69.147.65.184]) by mx1.freebsd.org (Postfix) with SMTP id 4B7CE8FC0A for ; Sun, 15 Aug 2010 20:04:49 +0000 (UTC) Received: (qmail 26317 invoked from network); 15 Aug 2010 19:38:09 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=att.net; s=s1024; t=1281901089; bh=I75pxV8FV8gvXvG+OBT3Y8RvBbEa9CczQIPHxnN9B7M=; h=Received:X-Yahoo-SMTP:X-YMail-OSG:X-Yahoo-Newman-Property:Received:Received:Date:From:Message-Id:To:Subject:Cc; b=fyg6YWMZ1k6AV8tQEwJl5QLvSzwNLDEHGoCQOoBEsFH2tIe/hpKRaFnY1Neqq1b1GuuKxTYjOCP8QLx/2/LVe9tO2y3FlRM72UShw1e0nfVVtIpTdwVmIC9wxOFXfjEE9w8gKC3PX2oYFFACSrx84IwMS9wl0lTfaGJXofFV+KM= Received: from mist.nodomain (mla_strick@69.228.206.173 with login) by smtp125.sbc.mail.sp1.yahoo.com with SMTP; 15 Aug 2010 12:38:09 -0700 PDT X-Yahoo-SMTP: ppEzeiKswBBq7wHVNDEiPbPsAwzyGELyRI8IdiDYGqsxaD5uQA-- X-YMail-OSG: DAvZMi4VM1ky_SsVM4e7CMgpCcDmbCOcInWndTRHtNO.HMV t2gXIOf3lPdaxMPvwKtDnDTfeg604yGWvFc3WvDg7OeoGwEHBD5TdS9TFxwp I3fRUEADpchkaFoSsuZwFzW..5zFDhLHJRvO3tGMx1ZTdaRDNIg64AlaUFhJ yMhvUt7WgtplUWjhfyXzY1PnI9vfmPPXBniT1wV.UwefGBsRVsMCXhRkCyYs Mk0wARyqEDIGAmAd3OVi4Qmqu8L39YMZYclsqD6PS91SsQwIDbNLRRRgiWaF lTaZ2mKoj X-Yahoo-Newman-Property: ymail-3 Received: from mist.nodomain (localhost [127.0.0.1]) by mist.nodomain (8.14.4/8.14.4) with ESMTP id o7FJc71p001867; Sun, 15 Aug 2010 12:38:08 -0700 (PDT) (envelope-from mla@mist.nodomain) Received: (from dan@localhost) by mist.nodomain (8.14.4/8.14.4/Submit) id o7FJc7vD001866; Sun, 15 Aug 2010 12:38:07 -0700 (PDT) (envelope-from mla) Date: Sun, 15 Aug 2010 12:38:07 -0700 (PDT) From: Dan Strick Message-Id: <201008151938.o7FJc7vD001866@mist.nodomain> To: freebsd-questions@freebsd.org Cc: mla@mist.nodomain Subject: fetchmail ssl certificate verification problem in FreeBSD 8.1 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Aug 2010 20:04:49 -0000 I just installed FreeBSD release 8.1 and rebuilt the fetchmail port. Now I get messages like these when I run fetchmail: fetchmail: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!) fetchmail: No mail for whoever@att.net at att fetchmail: Server certificate verification error: unable to get local issuer certificate fetchmail: This means that the root signing certificate (issued for /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo /CN=pop.att.yahoo.com) is not in the trusted CA certificate locations, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. fetchmail: Server certificate verification error: certificate not trusted fetchmail: Server certificate verification error: unable to verify the first certificate I just rebooted my old FreeBSD 8.0 system and verified that the old fetchmail does not complain about this. My .fetchmailrc file has not changed. It looks something like this: poll att via pop.att.yahoo.com proto pop3 user "whoever@att.net" pass "whatever" is "mla" ssl I can get rid of the message by removing the ssl option from the user line but then fetchmail would not even try to use ssl. Why would the old fetchmail be better able to verify the server's ssl certificate? Has openssl changed? Where is the openssl certificate directory and why should the information needed to verify the server's certificate be found on my machine? Doesn't the openssl library contain something like a hardwired list of well known certificate authority systems? Thanks for any information you can provide. Dan Strick mla_strick at att.net