Date: Sat, 07 Oct 2023 11:53:33 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 274324] mail/fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Message-ID: <bug-274324-7788-w1vz6xhP6W@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-274324-7788@https.bugs.freebsd.org/bugzilla/>
References: <bug-274324-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274324

Michael Osipov <michael.osipov@siemens.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |michael.osipov@siemens.com

--- Comment #3 from Michael Osipov <michael.osipov@siemens.com> ---
Author of the mentioned commit here, let's try to find the issue together... I
highly doubt that it is related to the commit because it does not use libfetch.

Looking at socket.c:
==================
        tmp = getenv("FETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS");
        if (want_default_cacerts || (tmp && tmp[0])) {
#ifdef USING_WOLFSSL
                /* wolfSSL 5.0.0 does not implement
                 * SSL_CTX_set_default_verify_paths(). Use something
                 * else: */
                const char *tmp = WOLFSSL_TRUST_FILE;
                l1 = tmp; l2=NULL;
                if (*tmp)
                        r = SSL_CTX_load_verify_locations(_ctx[sock], tmp, NULL);
#else
                r = SSL_CTX_set_default_verify_paths(_ctx[sock]);
                if (1 != r) goto no_verify_load;
#endif
        }
=============

This code looks correct. You should check what is in your default trust store
and what "openssl s_client -connect <target>" tells you and whether it can
verify intermediate and root CAs.

-- 
You are receiving this mail because:
You are the assignee for the bug.
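
The check suggested in comment #3, written out as a script. This is an added example, not part of the original message and not fetchmail code; the function names are hypothetical, SAMPLE is constructed output, and the script assumes it is called with the mail server's host:port.

```sh
#!/bin/sh
# Added example, not fetchmail code. Function names are hypothetical.

# OPENSSLDIR of the installed OpenSSL. Unless SSL_CERT_FILE or SSL_CERT_DIR
# override them, SSL_CTX_set_default_verify_paths() uses cert.pem and certs/
# below this directory.
store_dir() {
    openssl version -d | sed -n 's/^OPENSSLDIR: "\(.*\)"$/\1/p'
}

# Read s_client output on stdin and print "<code> <reason>" from the first
# "Verify return code" line (the output may contain several).
verify_result() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\) (\(.*\))$/\1 \2/p' | head -n 1
}

# Map the verify codes that point at a missing CA to what to look at next.
next_step() {
    case "$1" in
        0)  echo "chain verifies against the default store" ;;
        19) echo "root CA sent by the server is not in the default store" ;;
        20) echo "issuer (intermediate or root CA) is not in the default store" ;;
        21) echo "only the leaf was sent and its issuer is not in the default store" ;;
        *)  echo "read the verify lines in the full s_client output" ;;
    esac
}

# Constructed sample of s_client output, for trying verify_result offline.
SAMPLE='verify error:num=20:unable to get local issuer certificate
    Verify return code: 20 (unable to get local issuer certificate)'

# check_server host:port
check_server() {
    dir=$(store_dir)
    echo "OPENSSLDIR: $dir"
    ls -l "$dir/cert.pem" 2>/dev/null || echo "no $dir/cert.pem"
    echo "entries in $dir/certs: $(ls "$dir/certs" 2>/dev/null | wc -l)"
    # Without -CAfile/-CApath, s_client verifies against the default store.
    out=$(openssl s_client -connect "$1" -servername "${1%:*}" </dev/null 2>&1)
    res=$(printf '%s\n' "$out" | verify_result)
    echo "verify result: ${res:-none reported}"
    next_step "${res%% *}"
}

if [ "$#" -gt 0 ]; then check_server "$@"; fi
```
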