Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 11 May 2015 19:41:13 -0400
From:      Ernie Luzar <luzar722@gmail.com>
To:        freebsd-questions@freebsd.org
Cc:        freebsd-questions-local@be-well.ilk.org
Subject:   Re: Certificate error
Message-ID:  <55513E19.3010103@gmail.com>
In-Reply-To: <441timg662.fsf@be-well.ilk.org>
References:  <554FC878.7070401@gmail.com> <55501D92.2020102@radel.com>	<5550C454.60202@gmail.com> <555105BA.4010702@radel.com>	<5551153A.4000800@gmail.com> <441timg662.fsf@be-well.ilk.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
   Lowell Gilbert wrote:

Ernie Luzar [1]<luzar722@gmail.com> writes:


When I run fetchmail againest my ISP mail pop server it runs fine and
populates my postfix server and shows basically the same log
sequence.

Your ISP's POP server has a certificate signed by a certificate
authority that fetchmail trusts.


          I just change the poll  and user statements in
.fetchmailrc.

Your personal POP server does *not* have a certificate signed by a
certificate authority that fetchmail trusts.

Please answer the following question as directly as you can: how did you
configure fetchmail to accept the certificate being used by your
personal POP server?

The normal way you configure fetchmail to accept a self-signed
certificate is by using the "sslfingerprint" option in your
.fetchmailrc file. Have you done this?



   No
   When I tried to get the fingerprint source
   openssl s_client -connect pop.a1poweruser.com:110 -showcerts
   CONNECTED(00000003)
   675508300:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
   protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_cln
   t.c:795:
   ---
   no peer certificate available
   ---
   No client certificate CA names sent
   ---
   SSL handshake has read 7 bytes and written 307 bytes
   ---
   New, (NONE), Cipher is (NONE)
   Secure Renegotiation IS NOT supported
   Compression: NONE
   Expansion: NONE
   ---
   I thought qpopper would have launched TLS when s_client connected. At a
   lost of what to do next.
   Here is my qpopper.conf
   set server-mode = true
   set statistics = true
   set shy = true
   set fast-update = true
   set reverse-lookup = false
   set log-facility = mail
   set tls-support = stls
   set clear-text-password = tls
   set tls-server-cert-file = /usr/local/etc/qpopper/fme-cert.pem
   set tls-private-key-file = /usr/local/etc/qpopper/fme-key.pem

References

   1. mailto:luzar722@gmail.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55513E19.3010103>