Date: Sun, 15 Aug 2010 22:36:24 +0200
From: Erik Norgaard <norgaard@locolomo.org>
To: freebsd-questions@freebsd.org
Subject: Re: fetchmail ssl certificate verification problem in FreeBSD 8.1
Message-ID: <4C684FC8.7040509@locolomo.org>
In-Reply-To: <201008151938.o7FJc7vD001866@mist.nodomain>
References: <201008151938.o7FJc7vD001866@mist.nodomain>

On 15/08/10 21.38, Dan Strick wrote:
> I can get rid of the message by removing the ssl option from the user
> line but then fetchmail would not even try to use ssl.  Why would the
> old fetchmail be better able to verify the server's ssl certificate?
> Has openssl changed?  Where is the openssl certificate directory and why
> should the information needed to verify the server's certificate be
> found on my machine?  Doesn't the openssl library contain something
> like a hardwired list of well known certificate authority systems?

After a little bit of searching around I found this (I don't know since
when):

# less /usr/src/crypto/openssl/certs/README.RootCerts
The OpenSSL project does not (any longer) include root CA certificates.

Please check out the FAQ:
  * How can I set up a bundle of commercial root CA certificates?

The FAQ is here: /usr/src/crypto/openssl/FAQ

Also, you might find this interesting:

http://fetchmail.berlios.de/fetchmail-man.html#19

Check your fetchmail settings for sslcertck; maybe it's a compile-time
option to enable this by default. Fetchmail depends on ca_root_nss,
check that one too.

BR, Erik
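
A check for the situation discussed in this thread, added here as an example and not part of the original message: it reports whether an OpenSSL directory actually holds any CA certificates a verifier could use. The helper name trust_store_status is hypothetical, and the lookup locations (cert.pem and certs/ under the directory printed by `openssl version -d`) are assumed to be OpenSSL's compiled-in defaults.

```shell
#!/bin/sh
# Added example (not from the thread). trust_store_status is a hypothetical helper.
# Assumption: OpenSSL's default lookup locations are OPENSSLDIR/cert.pem
# (bundle file) and OPENSSLDIR/certs/ (one file per CA, named <hash>.<n>).

trust_store_status() {
    dir=$1
    bundle=0
    hashed=0

    # A bundle counts only if it is readable and holds at least one PEM block.
    if [ -r "$dir/cert.pem" ] && grep -q 'BEGIN CERTIFICATE' "$dir/cert.pem"; then
        bundle=1
    fi

    # Hashed directory entries look like 8 hex digits, a dot, and a counter.
    for f in "$dir"/certs/*; do
        [ -e "$f" ] || continue
        case ${f##*/} in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                hashed=1
                break ;;
        esac
    done

    case "$bundle$hashed" in
        11) echo "bundle+hashed" ;;
        10) echo "bundle" ;;
        01) echo "hashed" ;;
        *)  echo "empty" ;;
    esac
}

# Stand-alone use: inspect the directory this machine's openssl was built with.
if command -v openssl >/dev/null 2>&1; then
    ssldir=$(openssl version -d | sed -n 's/^OPENSSLDIR: "\(.*\)"$/\1/p')
    if [ -n "$ssldir" ]; then
        echo "$ssldir: $(trust_store_status "$ssldir")"
    fi
fi
```

An `empty` result means the library finds no trust anchors in its default locations, so the CA certificates have to be supplied from elsewhere, such as the ca_root_nss package mentioned above.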