Date: Wed, 7 Jul 2010 15:55:52 -0500
From: Dan Nelson
To: Marco Beishuizen
Cc: Giorgos Keramidas, freebsd-questions@freebsd.org
Subject: Re: fetchmail certificate verification messages
Message-ID: <20100707205551.GB57389@dan.emsphone.com>

In the last episode (Jul 07), Marco Beishuizen said:
> On Tue, 6 Jul 2010, Dan Nelson wrote:
>
> > CA Roots are also self-signed, btw :) Addtrust is a valid CA Root, and is
> > the root for some certificates signed by Network Solutions and Comodo (and
> > probably others). Marco, the fetchmail manpage mentions a --sslcertfile
> > option; try adding "--sslcertfile /etc/ssl/cert.pem" to force fetchmail to
> > use the ca_root_nss file you installed previously. IMHO openssl should
> > automatically consult that file, but apparently it doesn't.
>
> Where do I add the "--sslcertfile" option? I do have a /etc/ssl/cert.pem
> file and fetchmail is started at boot-time (in rc.conf). The starting
> script of fetchmail in /usr/local/etc/rc.d/ isn't something to be changed
> I think. Or do I add the option in the .fetchmailrc file?

It's a commandline option, and from reading the manpage, apparently can be
added to a fetchmailrc:

    Almost all options have a corresponding keyword which can be used to
    declare them in a .fetchmailrc file.
    [...]
    --sslcertfile
        (Keyword: sslcertfile, since v6.3.17)
        Sets the file fetchmail uses to look up local certificates.

If you wanted to add it to the commandline, you could put this in your
/etc/rc.conf:

fetchmail_flags="--sslcertfile"

-- 
        Dan Nelson
        dnelson@allantgroup.com
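
Added example (not part of the original message, and not fetchmail's own code): a shell script using the openssl command line to show why the choice of CA file matters. A server certificate verifies only when the file handed to OpenSSL contains the issuing root, which is the reason for pointing fetchmail at /etc/ssl/cert.pem as suggested in the message above. The host name, root names, keys and certificates are constructed and generated locally in a temporary directory.

```sh
#!/bin/sh
# Constructed demo: every name, key and certificate below is generated
# locally in a temp directory; nothing here comes from the original thread.

# make_ca DIR NAME: create a self-signed root (a trust anchor) DIR/NAME.pem
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_leaf DIR CA HOST: issue DIR/HOST.pem for HOST, signed by root CA
make_leaf() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# chain_ok BUNDLE CERT: succeed only if CERT chains to a root in BUNDLE
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: print one line per bundle; return 0 if both results are as expected
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" issuing-root && make_ca "$d" unrelated-root &&
        make_leaf "$d" issuing-root mail.example.org || { rm -rf "$d"; return 1; }
    rc=0
    if chain_ok "$d/unrelated-root.pem" "$d/mail.example.org.pem"; then
        echo "bundle without the issuing root: verified (unexpected)"; rc=1
    else
        echo "bundle without the issuing root: verification fails"
    fi
    if chain_ok "$d/issuing-root.pem" "$d/mail.example.org.pem"; then
        echo "bundle with the issuing root: verified"
    else
        echo "bundle with the issuing root: verification fails (unexpected)"; rc=1
    fi
    rm -rf "$d"
    return $rc
}

demo
```

The same `openssl verify -CAfile` check can be run against a real bundle file and a saved server certificate before changing the fetchmail configuration.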