I have used: fetchmail --verbose --sslcertpath="/etc/ssl/certs" --sslcertck --proto POP3 --mda "rcvstore -sequence gmail +inbox" --logfile /var/tmp/gmail.log pop.gmail.com
to get my gmail downloaded for some time now. It seems that fetchmail doesn't enable SNI for it's TLS connection, and I don't see any new versions of fetchmail in years. It looks like pop.gmail.com wants SNI: fetchmail: Trying to connect to 2607:f8b0:4001:c16::6c/995...connected. fetchmail: Server certificate: fetchmail: Unknown Organization fetchmail: Issuer CommonName: invalid2.invalid fetchmail: Subject CommonName: invalid2.invalid fetchmail: Server CommonName mismatch: invalid2.invalid != pop.gmail.com fetchmail: pop.gmail.com key fingerprint: 90:4A:C8:D5:44:5A:D0:6A:8A:10:FF:CD:8B:11:BE:16 fetchmail: Server certificate verification error: self signed certificate fetchmail: Missing trust anchor certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid [nice hack to send a message back to the user Google...] I don't think that inc has any TLS support. (kerberos support, yes) Maybe there are other ways to skin this cat? -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
signature.asc
Description: PGP signature
-- nmh-workers https://lists.nongnu.org/mailman/listinfo/nmh-workers