Thanks guys. I suspect I'm about to regret my lack of time mucking about with tls on plan9:
% upas/fs -f /imaps/imap.gmail.com/sstall...@gmail.com upas/fs: opening /imaps/imap.gmail.com/sstall...@gmail.com: imap.gmail.com/imaps:tlsClient: tls: local invalid x509/rsa certificate % cat /sys/lib/tls/mail x509 sha1=f0d1545c78815ee782d479b48841f24afa217c35 To verify, I pulled the server fingerprint using OpenSSL: % openssl s_client -connect imap.gmail.com:993 </dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin SHA1 Fingerprint=F0:D1:54:5C:78:81:5E:E7:82:D4:79:B4:88:41:F2:4A:FA:21:7C:35 Any other ideas? Steve On Thu, Nov 28, 2019 at 10:01 AM David du Colombier <0in...@gmail.com> wrote: > > The TLS implementation on Plan 9 doesn't verify X.509 certificate chain, > so the certificate bundle isn't useful. It's only used by Go programs. > > However, you need to add the server certificate fingerprint to > /sys/lib/tls/mail, > as Steve Simon said. > > -- > David du Colombier ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/Te20476748ab5e4ba-Me32c28e70a24492387b4631b Delivery options: https://9fans.topicbox.com/groups/9fans/subscription