glad you got it working Joseph.
pgphR3kVlAaUf.pgp
Description: PGP signature
On Sat, Oct 23, 2010 at 12:57:39 -0600, Joseph wrote:
I used this command to obtain the certificates:
openssl s_client -connect pop.gmail.com:995 -showcerts
So I assumed the top certificate is Google
the bottom one is Equifax
Can anybody verify it? Someone suggested that the bottom one is
On Sat, Oct 23, 2010 at 22:23:37 -0600, Joseph wrote:
Yes, it works with all options now:
...
ssl
sslproto 'TLS1'
sslcertck
sslcertpath /etc/ssl/certs/
Right, but I'm wondering if the sslcertpath /etc/ssl/certs/ line is
even needed; that directory should just be the
On 10/24/10 07:33, Nathan Stratton Treadway wrote:
On Sat, Oct 23, 2010 at 22:23:37 -0600, Joseph wrote:
Yes, it works with all options now:
...
ssl
sslproto 'TLS1'
sslcertck
sslcertpath /etc/ssl/certs/
Right, but I'm wondering if the sslcertpath /etc/ssl/certs/ line is
On Sun, Oct 24, 2010 at 09:10:44 -0600, Joseph wrote:
I just commented out the lines:
sslcertck
sslcertpath /etc/ssl/certs/
If you disable the sslcertck, then fetchmail won't abort the
connection if the certificate validation fails. In other words, if
someone does trick your
On 10/22/10 23:21, Joseph wrote:
I'm using fetchmail to pull mail from google but lately I've been getting this
error:
fetchmail: Server certificate verification error: unable to get local issuer
certificate
fetchmail: This means that the root signing certificate (issued for
/C=US/O=Google
On Sat, Oct 23, 2010 at 12:15:23AM -0600, Joseph wrote:
fetchmail: socket error while fetching from syscon...@gmail.com@pop.gmail.com
Silly mistake there! :)
Fetchmail 'user' requires you do NOT have a domain-name added onto it.
The domain-name is supplied at the poll argument.
Have fun.
On 10/23/10 08:53, Harry Strongburg wrote:
On Sat, Oct 23, 2010 at 12:15:23AM -0600, Joseph wrote:
fetchmail: socket error while fetching from syscon...@gmail.com@pop.gmail.com
Silly mistake there! :)
Fetchmail 'user' requires you do NOT have a domain-name added onto it.
The domain-name is
On Sat, Oct 23, 2010 at 09:08:52 -0600, Joseph wrote:
I've removed the domain name, now the line looks like:
poll pop.gmail.com with proto POP3 and options no dns user 'syscon780'
password '' options ssl sslcertpath /home/joseph/.mutt/cert/
but it still complains, certificate
On 10/23/10 11:25, Nathan Stratton Treadway wrote:
On Sat, Oct 23, 2010 at 09:08:52 -0600, Joseph wrote:
I've removed the domain name, now the line looks like:
poll pop.gmail.com with proto POP3 and options no dns user 'syscon780'
password '' options ssl sslcertpath
On Fri, Oct 22, 2010 at 11:21:22PM -0600, Joseph wrote:
I'm using fetchmail to pull mail from google but lately I've been getting
this error:
fetchmail: Server certificate verification error: unable to get local issuer
certificate
fetchmail: This means that the root signing certificate
* Joseph syscon...@gmail.com [2010-10-23 12:50 -0600]:
I'm using command:
openssl s_client -connect pop.gmail.com:995 -showcerts
and it printed out:
copy---
CONNECTED(0003)
depth=1 C = US, O = Google Inc, CN = Google Internet Authority
verify error:num=20:unable to get
On 10/23/10 12:34, Breen Mullins wrote:
* Joseph syscon...@gmail.com [2010-10-23 12:50 -0600]:
I'm using command:
openssl s_client -connect pop.gmail.com:995 -showcerts
and it printed out:
copy---
CONNECTED(0003)
depth=1 C = US, O = Google Inc, CN = Google Internet
On Sat, Oct 23, 2010 at 00:15:23 -0600, Joseph wrote:
I've found this tutorial but it is not working. My certificate is not
recognized http://www.axllent.org/docs/networking/gmail_pop3_with_fetchmail
Yeah, that writeup appears to be both incorrect (as mentioned in the
comments) and outdated
I'm confused. Where do I get: equifax.pem certificate?
I think Gentoo have a ca-certs-type package in thier repository don't they?
'app-misc/ca-certificates'
Surely that would have the equifax certificate you need?
pgpczl3AVIzQW.pgp
Description: PGP signature
On 10/23/10 16:06, Nathan Stratton Treadway wrote:
[snip]
As I mentioned before, I haven't had to install private copies of the
root CA certificate myself, but as far as I understand the following
should work:
* clear out the files currently in ~/.mutt/cert (you can save them
somewhere
On 10/23/10 21:17, Jamie Paul Griffin wrote:
I'm confused. Where do I get: equifax.pem certificate?
I think Gentoo have a ca-certs-type package in thier repository don't they?
'app-misc/ca-certificates'
Surely that would have the equifax certificate you need?
Yes, I have this
Yes, I have this package install, and tried to use dir: '/etc/ssl/certs'
but it doesn't help.
Sorry, I hadn't checked earlier replies where Nathan had already suggested that
idea. There's a link to the cert you require on Google:
if you do download that cert, you would then need to use something like this
command on it:
openssl x509 -in Equifax_Secure_certificate_Authority.pem -fingerprint -subject
-issuer -serial -hash -noout
Then, put it into your ~./certs directory ans reshash it. (Thought i'd mention
that, you
On Sat, Oct 23, 2010 at 09:08:52AM -0600, Joseph wrote:
On 10/23/10 08:53, Harry Strongburg wrote:
On Sat, Oct 23, 2010 at 12:15:23AM -0600, Joseph wrote:
fetchmail: socket error while fetching from
syscon...@gmail.com@pop.gmail.com
Silly mistake there! :)
Fetchmail 'user' requires you do
I have had this working for ages and I do not have time to think about
it, but I have the equivalent of syscon...@gmail.com, not syscon780 or
syscon...@gmail.com@pop.gmail.com. I also have sslcertck after ssl. I do
not know whether that would help.
From the info i've read, it definitely
On 10/22/10 23:21, Joseph wrote:
I'm using fetchmail to pull mail from google but lately I've been getting this
error:
fetchmail: Server certificate verification error: unable to get local issuer
certificate
fetchmail: This means that the root signing certificate (issued for
/C=US/O=Google
On Sat, Oct 23, 2010 at 14:53:42 -0600, Joseph wrote:
* run c_rehash . within that cert directory. That should
create a symlink named 594f1775.0 pointing to the .pem file.
Though my link was named: 578d5c04.0 - Equifax_Secure_CA.pem
That's wierd. What does
openssl x509 -hash
* Patrick Shanahan ptilopt...@gmail.com [2010-10-23 19:37 -0400]:
why do you need it, ie:
poll imap.gmail.com tracepolls with proto IMAP timeout 45
user 'user@gmail.com' there with password 'passwd' is
'user' here options fetchall stripcr ssl
mda '/usr/lib/sendmail -i -oem -f %F %T'
On 10/23/10 22:48, Jamie Paul Griffin wrote:
if you do download that cert, you would then need to use something like this
command on it:
openssl x509 -in Equifax_Secure_certificate_Authority.pem -fingerprint -subject
-issuer -serial -hash -noout
Then, put it into your ~./certs directory ans
On 10/24/10 00:07, Jamie Paul Griffin wrote:
I have had this working for ages and I do not have time to think about
it, but I have the equivalent of syscon...@gmail.com, not syscon780 or
syscon...@gmail.com@pop.gmail.com. I also have sslcertck after ssl. I do
not know whether that would help.
On 10/23/10 21:21, Nathan Stratton Treadway wrote:
On Sat, Oct 23, 2010 at 14:53:42 -0600, Joseph wrote:
* run c_rehash . within that cert directory. That should
create a symlink named 594f1775.0 pointing to the .pem file.
Though my link was named: 578d5c04.0 - Equifax_Secure_CA.pem
On Sat, Oct 23, 2010 at 21:00:51 -0600, Joseph wrote:
I get:
578d5c04
SHA1 Fingerprint=D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
So this seems to be correct.
Yes, you have the correct fingerprint, but your hash is different than
mine...
It seems to I have them all:
On 10/23/10 19:10, Breen Mullins wrote:
* Patrick Shanahan ptilopt...@gmail.com [2010-10-23 19:37 -0400]:
why do you need it, ie:
poll imap.gmail.com tracepolls with proto IMAP timeout 45
user 'user@gmail.com' there with password 'passwd' is
'user' here options fetchall stripcr ssl
mda
On Sat, Oct 23, 2010 at 20:54:39 -0600, Joseph wrote:
If I comment-out the last two lines:
sslcertck
sslcertpath /etc/ssl/certs/
it complains on certificate but I can fetch the mail.
Yes, by removing the sslcertck you're letting fetchmail continue with
the session even though
On 10/23/10 23:45, Nathan Stratton Treadway wrote:
On Sat, Oct 23, 2010 at 20:54:39 -0600, Joseph wrote:
If I comment-out the last two lines:
sslcertck
sslcertpath /etc/ssl/certs/
it complains on certificate but I can fetch the mail.
Yes, by removing the sslcertck you're
On Sat, Oct 23, 2010 at 21:56:51 -0600, Joseph wrote:
I'm using openssl-1.0.0a-r3
I rebuild openssl, all hashes were rebuild, in addition I've reinstall
fetchmail and I think this solved the problem.
When I pull the mail I no don't get any certificate errors.
Cool.
Does it work with
On 10/24/10 00:05, Nathan Stratton Treadway wrote:
On Sat, Oct 23, 2010 at 21:56:51 -0600, Joseph wrote:
I'm using openssl-1.0.0a-r3
I rebuild openssl, all hashes were rebuild, in addition I've reinstall
fetchmail and I think this solved the problem.
When I pull the mail I no don't get any
* Joseph syscon...@gmail.com [2010-10-23 21:35 -0600]:
What is causing the problem is the: sslcertck
If I comment it out, it keep complaining about the certificate but connection
goes through.
So you can either comment out sslcertck and move on (perfectly
reasonable, I think) or try to
On 10/23/10 21:39, Breen Mullins wrote:
* Joseph syscon...@gmail.com [2010-10-23 21:35 -0600]:
What is causing the problem is the: sslcertck
If I comment it out, it keep complaining about the certificate but connection
goes through.
So you can either comment out sslcertck and move on
* Joseph syscon...@gmail.com [2010-10-23 22:42 -0600]:
It wasn't the certificate problem, I think it was fetchmail was missing some
links or options.
I re-compile fetchmail, openssl and the problem is solved. All is
working, as it should.
Problem solved. Congratulations.
Breen
--
Breen
I'm using fetchmail to pull mail from google but lately I've been getting this
error:
fetchmail: Server certificate verification error: unable to get local issuer
certificate
fetchmail: This means that the root signing certificate (issued for /C=US/O=Google Inc/CN=Google Internet Authority) is
37 matches
Mail list logo