Date: Thu, 10 Jan 2013 13:38:32 -0500 From: Paul Kraus <paul@kraus-haus.org> To: glarkin@FreeBSD.org Cc: freebsd-questions@freebsd.org Subject: Re: OpenSSL Certificate issue Message-ID: <C09A6345-B99C-4ACA-B8DA-C1B95A537464@kraus-haus.org> In-Reply-To: <50EF087A.50002@FreeBSD.org> References: <23C1DB57-7A56-48DC-A0D0-8CF8B1CC8915@kraus-haus.org> <50EEFC7D.5070706@FreeBSD.org> <EBD01B94-63EF-41A1-A4BC-2F789763AA3B@kraus-haus.org> <50EF087A.50002@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 1/10/13 12:49 PM, Paul Kraus wrote: >> On Jan 10, 2013, at 12:38 PM, Greg Larkin wrote: >>=20 >>> It looks like you don't have the Gmail certificate installed >>> locally, unless I'm mistaken. >>=20 >> I do not need to have the Google cert installed as long as I have >> the Root Cert that signed it installed, and I do have that cert. >> The fact that I can point to the certificate file itself and the >> test connection works fine shows that I have the correct cert file. >> I agree that it is probably NOT installed correctly, but ... >>=20 >>> Check the instructions here, and let us know if that fixes the >>> problem for you:=20 >>> http://squeezesetup.wordpress.com/install-mail-part-2-gmail-certs/ >>=20 >>>=20 >> these instructions appear to be for Linux and not FreeBSD and there >> are configuration and path differences, which is probably the core >> of my problem. I expect that I have not installed the root certs >> into the correct directory (but they are in the directory that >> c_rehash is working in). >>=20 >>=20 >=20 > My guess is that you're using the c_rehash supplied with OpenSSL 1.x > (installed as a port?) to hash the certs and then the OpenSSL 0.9.x > binary from the base system to connect to the Gmail POP server. >=20 > Give your s_client command another try with the fully specified path > to the OpenSSL 1.x binary to see if that corrects the verification = error. That appears to be the problem, using /usr/local/bin/openssl works, but = I still need to know where the base system needs to have the certs = placed (and how to hash them as the only c_rehash script is the one that = came with the port of openssl) ? There are a number of utilities (most = important here is fetchmail) which is using the base opensssl libraries. NOTE: I did not explicitly install the openssl port, it must have been = brought in as a dependency by another port. -- Paul Kraus Deputy Technical Director, LoneStarCon 3 Sound Coordinator, Schenectady Light Opera Company
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C09A6345-B99C-4ACA-B8DA-C1B95A537464>