From: Dan Nelson
To: Marco Beishuizen
Cc: freebsd-questions@freebsd.org
Date: Sun, 4 Jul 2010 00:33:21 -0500
Subject: Re: fetchmail certificate verification messages

In the last episode (Jul 03), Marco Beishuizen said:
> I'm seeing in my logfiles a lot of messages like these from fetchmail:
>
> Jul 3 22:02:54 yokozuna fetchmail[1437]: Server certificate verification
> error: self signed certificate in certificate chain
> Jul 3 22:02:54 yokozuna fetchmail[1437]: This means that the root signing
> certificate (issued for /C=SE/O=AddTrust AB/OU=AddTrust External TTP
> Network/CN=AddTrust External CA Root) is not in the trusted CA certificate
> locations, or that c_rehash needs to be run on the certificate directory.
> For details, please see the documentation of sslcertpath and
> sslcertfile in the manual page.
>
> Does anyone know what these messages mean and if they are harmless or not?

Probably harmless, unless someone has forged a certificate chain using a
fake "AddTrust External CA Root" cert at the top. Installing the
security/ca_root_nss port (make sure you enable the ETCSYMLINK option) will
probably silence it.

-- 
Dan Nelson
dnelson@allantgroup.com
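
Added example (not part of the original message, and not fetchmail's own code): a Python triage script that pairs the two syslog lines fetchmail writes per failure, as in the quoted log, and counts which root DN was reported as untrusted. The sample lines are constructed from the messages quoted above; the `Example Test Root` DN and all function names are hypothetical.

```python
import re
from collections import Counter

LINE = re.compile(r"fetchmail\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ERROR = re.compile(r"Server certificate verification error: (?P<reason>.+)$")
ROOT = re.compile(r"root signing certificate \(issued for (?P<dn>/[^)]*)\)")

def parse_dn(dn):
    """Split an OpenSSL one-line DN ('/C=SE/O=...') into a dict.
    Simplification: assumes no '/' inside attribute values."""
    return dict(p.split("=", 1) for p in dn.strip("/").split("/") if "=" in p)

def untrusted_roots(log_text):
    """Count (reason, root CN) pairs that fetchmail reported."""
    pending = {}        # pid -> reason from that process's latest error line
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue    # not a fetchmail line
        err = ERROR.search(m["msg"])
        if err:
            pending[m["pid"]] = err["reason"]
            continue
        root = ROOT.search(m["msg"])
        if root and m["pid"] in pending:
            cn = parse_dn(root["dn"]).get("CN", root["dn"])
            counts[(pending.pop(m["pid"]), cn)] += 1
    return counts

# Constructed sample input: two events for the root named in the thread and
# one for a made-up root, to show how an unexpected root stands out.
ERR_LINE = ("Server certificate verification error: "
            "self signed certificate in certificate chain")
HINT = ("This means that the root signing certificate (issued for {dn}) is "
        "not in the trusted CA certificate locations, or that c_rehash needs "
        "to be run on the certificate directory.")
ADDTRUST = ("/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network"
            "/CN=AddTrust External CA Root")
EVENTS = [("22:02:54", ADDTRUST), ("22:07:54", ADDTRUST),
          ("22:12:54", "/C=XX/O=Example Org/CN=Example Test Root")]
SAMPLE_LOG = "\n".join(
    f"Jul  3 {ts} yokozuna fetchmail[1437]: {msg}"
    for ts, dn in EVENTS
    for msg in (ERR_LINE, HINT.format(dn=dn)))

if __name__ == "__main__":
    for (reason, cn), n in untrusted_roots(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {cn}  ({reason})")
```

The DN in the log is only a name that any certificate can carry, so this output tells you which root to look for in the trust store, not whether the chain is genuine. That decision is made by verification against the installed CA bundle.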