From: Paul Kraus
To: glarkin@FreeBSD.org
Cc: freebsd-questions@freebsd.org
Subject: Re: OpenSSL Certificate issue
Date: Thu, 10 Jan 2013 13:38:32 -0500
In-Reply-To: <50EF087A.50002@FreeBSD.org>

> On 1/10/13 12:49 PM, Paul Kraus wrote:
>> On Jan 10, 2013, at 12:38 PM, Greg Larkin wrote:
>>
>>> It looks like you don't have the Gmail certificate installed
>>> locally, unless I'm mistaken.
>>
>> I do not need to have the Google cert installed as long as I have
>> the Root Cert that signed it installed, and I do have that cert.
>> The fact that I can point to the certificate file itself and the
>> test connection works fine shows that I have the correct cert file.
>> I agree that it is probably NOT installed correctly, but ...
>>
>>> Check the instructions here, and let us know if that fixes the
>>> problem for you:
>>> http://squeezesetup.wordpress.com/install-mail-part-2-gmail-certs/
>>
>> These instructions appear to be for Linux and not FreeBSD and there
>> are configuration and path differences, which is probably the core
>> of my problem. I expect that I have not installed the root certs
>> into the correct directory (but they are in the directory that
>> c_rehash is working in).
>>
>
> My guess is that you're using the c_rehash supplied with OpenSSL 1.x
> (installed as a port?) to hash the certs and then the OpenSSL 0.9.x
> binary from the base system to connect to the Gmail POP server.
>
> Give your s_client command another try with the fully specified path
> to the OpenSSL 1.x binary to see if that corrects the verification error.

That appears to be the problem, using /usr/local/bin/openssl works, but I still need to know where the base system needs to have the certs placed (and how to hash them as the only c_rehash script is the one that came with the port of openssl)? There are a number of utilities (most important here is fetchmail) which are using the base openssl libraries.

NOTE: I did not explicitly install the openssl port, it must have been brought in as a dependency by another port.

--
Paul Kraus
Deputy Technical Director, LoneStarCon 3
Sound Coordinator, Schenectady Light Opera Company
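
An added example, not part of the original thread: OpenSSL 1.0.0 changed how the subject-name hash behind the `<hash>.0` lookup files is computed, so links made by a 1.x c_rehash are not found by a 0.9.x library. The sketch below uses a 1.x binary to create links under both hash forms; the function names, the `OPENSSL` variable and the throwaway certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes an OpenSSL 1.0.0+ binary,
# because 0.9.x has no -subject_hash_old option.
OPENSSL="${OPENSSL:-openssl}"

# Print "<1.x-hash> <0.9.x-hash>" for one PEM certificate.
cert_hashes() {
    new=$("$OPENSSL" x509 -noout -subject_hash -in "$1") || return 1
    old=$("$OPENSSL" x509 -noout -subject_hash_old -in "$1") || return 1
    printf '%s %s\n' "$new" "$old"
}

# Symlink a certificate that already sits in DIR under both hash names.
link_both() {
    cert=$1 dir=$2
    hashes=$(cert_hashes "$cert") || return 1
    for h in $hashes; do
        n=0
        # Certificates with the same subject share a hash; take the next suffix.
        while [ -e "$dir/$h.$n" ] || [ -L "$dir/$h.$n" ]; do n=$((n + 1)); done
        ln -s "$(basename "$cert")" "$dir/$h.$n" || return 1
    done
}

# Constructed input: a throwaway self-signed root in a temp directory.
demo() {
    dir=$(mktemp -d) || return 1
    "$OPENSSL" req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Example Root" \
        -keyout "$dir/key.pem" -out "$dir/root.pem" 2>/dev/null || return 1
    link_both "$dir/root.pem" "$dir" || return 1
    ls -l "$dir" >&2   # show both symlinks next to the certificate
    echo "$dir"
}
```

Calling `demo` prints the temporary directory, which then works as a `-CApath` argument; `link_both` does not remove stale links the way c_rehash does.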