Date: Wed, 7 Jul 2010 22:30:41 +0200 (CEST)
From: Marco Beishuizen
To: Dan Nelson
Cc: Giorgos Keramidas, freebsd-questions@freebsd.org
Subject: Re: fetchmail certificate verification messages

On Tue, 6 Jul 2010, Dan Nelson wrote:

> CA Roots are also self-signed, btw :) Addtrust is a valid CA Root, and is
> the root for some certificates signed by Network Solutions and Comodo (and
> probably others). Marco, the fetchmail manpage mentions a --sslcertfile
> option; try adding "--sslcertfile /etc/ssl/cert.pem" to force fetchmail to
> use the ca_root_nss file you installed previously. IMHO openssl should
> automatically consult that file, but apparently it doesn't.

Where do I add the "--sslcertfile" option? I do have a /etc/ssl/cert.pem
file and fetchmail is started at boot-time (in rc.conf). The starting
script of fetchmail in /usr/local/etc/rc.d/ isn't something to be changed
I think. Or do I add the option in the .fetchmailrc file?

Marco

--
A lady is one who never shows her underwear unintentionally.
 -- Lillian Day