Date: Sun, 15 Aug 2010 12:38:07 -0700 (PDT) From: Dan Strick <mla_strick@att.net> To: freebsd-questions@freebsd.org Cc: mla@mist.nodomain Subject: fetchmail ssl certificate verification problem in FreeBSD 8.1 Message-ID: <201008151938.o7FJc7vD001866@mist.nodomain>
next in thread | raw e-mail | index | archive | help
I just installed FreeBSD release 8.1 and rebuilt the fetchmail port. Now I get messages like these when I run fetchmail: fetchmail: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!) fetchmail: No mail for whoever@att.net at att fetchmail: Server certificate verification error: unable to get local issuer certificate fetchmail: This means that the root signing certificate (issued for /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo /CN=pop.att.yahoo.com) is not in the trusted CA certificate locations, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. fetchmail: Server certificate verification error: certificate not trusted fetchmail: Server certificate verification error: unable to verify the first certificate I just rebooted my old FreeBSD 8.0 system and verified that the old fetchmail does not complain about this. My .fetchmailrc file has not changed. It looks something like this: poll att via pop.att.yahoo.com proto pop3 user "whoever@att.net" pass "whatever" is "mla" ssl I can get rid of the message by removing the ssl option from the user line but then fetchmail would not even try to use ssl. Why would the old fetchmail be better able to verify the server's ssl certificate? Has openssl changed? Where is the openssl certificate directory and why should the information needed to verify the server's certificate be found on my machine? Doesn't the openssl library contain something like a hardwired list of well known certificate authority systems? Thanks for any information you can provide. Dan Strick mla_strick at att.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201008151938.o7FJc7vD001866>