[msmtp-users] Fingerprints do not match - how to fix??

Tue, 26 Jan 2016 20:21:31 -0800 

I installed msmtp on opensuse 13.2 using yast from the package repository.
My msmtprc file looks like:

defaults
tls on
tls_starttls on
#tls_trust_file /etc/ssl/certs/ca-certificates.crt
tls_certcheck off

account default
host smtp.gmail.com
port 587
auth on
user m...@gmail.com
password my_pw
from m...@gmail.com
logfile /var/log/msmtp.log

When I have the following in the mstmprc file: tls_trust_file
/etc/ssl/certs/ca-certificates.crt
I get the following error:
cannot load trust file /etc/ssl/certs/ca-certificates.crt:
error:2D06C06E:FIPS routines:FIPS_module_mode_set:fingerprint does not match

If I comment out the line and add tls_certcheck off, the program works,
e.g. I get mail at gmail.

On the opensuse side I updated the following certs from the repository:
cd-certificates
ca-certificates-cacert
cd-certificates-mozilla
mozilla-nss
mozilla-nss-certs


>From the CL I issued:
msmtp --serverinfo --tls --tls-certcheck=off
and got:
SMTP server at smtp.gmail.com (qm-in-f108.1e100.net [173.194.205.108]),
port 587:
    smtp.gmail.com ESMTP f3sm1907217qge.44 - gsmtp
TLS certificate information:
    Owner:
        Common Name: smtp.gmail.com
        Organization: Google Inc
        Locality: Mountain View
        State or Province: California
        Country: US
    Issuer:
        Common Name: Google Internet Authority G2
        Organization: Google Inc
        Country: US
    Validity:
        Activation time: Fri 15 Jan 2016 07:12:17 AM EST
        Expiration time: Wed 13 Apr 2016 08:00:00 PM EDT
    Fingerprints:
        SHA1: D0:7E:B3:BB:1D:1C:72:A5:89:41:42:AA:4F:24:CC:F5:3A:8B:45:D0
        MD5:  E3:02:FE:B1:5E:09:08:85:07:5F:1E:78:79:9E:63:C4
Capabilities:
    SIZE 35882577:
        Maximum message size is 35882577 bytes = 34.22 MiB
    PIPELINING:
        Support for command grouping for faster transmission
    STARTTLS:
        Support for TLS encryption via the STARTTLS command
    AUTH:
        Supported authentication methods:
        PLAIN LOGIN

So the fingerprints are basically a checksum....yea, OK but I don't know
how to fix this problem....I am a novice in security/cert mgmt, Can someone
tell me what needs to be done to resolve the issue?Thanks
J

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
msmtp-users mailing list
msmtp-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/msmtp-users

Reply via email to