On Sun, Oct 24, 2010 at 09:10:44 -0600, Joseph wrote:
> I just commented out the lines:
> sslcertck
> sslcertpath /etc/ssl/certs/
>
If you disable the "sslcertck", then fetchmail won't abort the
connection if the certificate validation fails. In other words, if
someone does trick your
On 10/24/10 07:33, Nathan Stratton Treadway wrote:
On Sat, Oct 23, 2010 at 22:23:37 -0600, Joseph wrote:
Yes, it works with all options now:
...
ssl
sslproto 'TLS1'
sslcertck
sslcertpath /etc/ssl/certs/
Right, but I'm wondering if the "sslcertpath /etc/ssl/certs/" line is
On Sat, Oct 23, 2010 at 22:23:37 -0600, Joseph wrote:
>
> Yes, it works with all options now:
> ...
> ssl
> sslproto 'TLS1'
> sslcertck
> sslcertpath /etc/ssl/certs/
Right, but I'm wondering if the "sslcertpath /etc/ssl/certs/" line is
even needed; that directory should just b
On Sat, Oct 23, 2010 at 12:57:39 -0600, Joseph wrote:
> I used this command to obtain the certificates:
> openssl s_client -connect pop.gmail.com:995 -showcerts
>
> So I assumed the top certificate is Google
> the bottom one is Equifax
> Can anybody verify it? Someone suggested that the bottom one
glad you got it working Joseph.
pgphR3kVlAaUf.pgp
Description: PGP signature
* Joseph [2010-10-23 22:42 -0600]:
It wasn't the certificate problem, I think it was fetchmail was missing some
links or options.
I re-compile fetchmail, openssl and the problem is solved. All is
working, as it should.
Problem solved. Congratulations.
Breen
--
Breen Mullins
b...@sdf.org
On 10/23/10 21:39, Breen Mullins wrote:
* Joseph [2010-10-23 21:35 -0600]:
What is causing the problem is the: sslcertck
If I comment it out, it keep complaining about the certificate but connection
goes through.
So you can either comment out sslcertck and move on (perfectly
reasonable, I
* Joseph [2010-10-23 21:35 -0600]:
What is causing the problem is the: sslcertck
If I comment it out, it keep complaining about the certificate but connection
goes through.
So you can either comment out sslcertck and move on (perfectly
reasonable, I think) or try to fix this.
If you wan
On 10/24/10 00:05, Nathan Stratton Treadway wrote:
On Sat, Oct 23, 2010 at 21:56:51 -0600, Joseph wrote:
I'm using openssl-1.0.0a-r3
I rebuild openssl, all hashes were rebuild, in addition I've reinstall
"fetchmail" and I think this solved the problem.
When I pull the mail I no don't get any c
On Sat, Oct 23, 2010 at 21:56:51 -0600, Joseph wrote:
> I'm using openssl-1.0.0a-r3
>
> I rebuild openssl, all hashes were rebuild, in addition I've reinstall
> "fetchmail" and I think this solved the problem.
>
> When I pull the mail I no don't get any certificate errors.
Cool.
Does it work w
On 10/23/10 23:45, Nathan Stratton Treadway wrote:
On Sat, Oct 23, 2010 at 20:54:39 -0600, Joseph wrote:
If I comment-out the last two lines:
sslcertck
sslcertpath /etc/ssl/certs/
it complains on certificate but I can fetch the mail.
Yes, by removing the "sslcertck" you're letti
On Sat, Oct 23, 2010 at 20:54:39 -0600, Joseph wrote:
> If I comment-out the last two lines:
>sslcertck
>sslcertpath /etc/ssl/certs/
>
> it complains on certificate but I can fetch the mail.
Yes, by removing the "sslcertck" you're letting fetchmail continue with
the session even t
On 10/23/10 19:10, Breen Mullins wrote:
* Patrick Shanahan [2010-10-23 19:37 -0400]:
why do you need it, ie:
poll imap.gmail.com tracepolls with proto IMAP timeout 45
user '@gmail.com' there with password 'passwd' is
'' here options fetchall stripcr ssl
mda '/usr/lib/sendmail -i -oem -f
On Sat, Oct 23, 2010 at 21:00:51 -0600, Joseph wrote:
> I get:
> 578d5c04
> SHA1 Fingerprint=D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
>
> So this seems to be correct.
Yes, you have the correct fingerprint, but your hash is different than
mine...
>
> It seems to I have them a
On 10/23/10 21:21, Nathan Stratton Treadway wrote:
On Sat, Oct 23, 2010 at 14:53:42 -0600, Joseph wrote:
> * run "c_rehash ." within that cert directory. That should
> create a symlink named 594f1775.0 pointing to the .pem file.
Though my link was named: 578d5c04.0 -> Equifax_Secure_CA.pem
On 10/24/10 00:07, Jamie Paul Griffin wrote:
I have had this working for ages and I do not have time to think about
it, but I have the equivalent of syscon...@gmail.com, not syscon780 or
syscon...@gmail.com@pop.gmail.com. I also have sslcertck after ssl. I do
not know whether that would help.
F
On 10/23/10 22:48, Jamie Paul Griffin wrote:
if you do download that cert, you would then need to use something like this
command on it:
openssl x509 -in Equifax_Secure_certificate_Authority.pem -fingerprint -subject
-issuer -serial -hash -noout
Then, put it into your ~./certs directory ans r
* Patrick Shanahan [2010-10-23 19:37 -0400]:
why do you need it, ie:
poll imap.gmail.com tracepolls with proto IMAP timeout 45
user '@gmail.com' there with password 'passwd' is
'' here options fetchall stripcr ssl
mda '/usr/lib/sendmail -i -oem -f %F %T'
He's using sslcertck as recomme
On Sat, Oct 23, 2010 at 14:53:42 -0600, Joseph wrote:
> > * run "c_rehash ." within that cert directory. That should
> > create a symlink named 594f1775.0 pointing to the .pem file.
>
> Though my link was named: 578d5c04.0 -> Equifax_Secure_CA.pem
That's wierd. What does
openssl x509 -hash
On 10/22/10 23:21, Joseph wrote:
I'm using fetchmail to pull mail from google but lately I've been getting this
error:
fetchmail: Server certificate verification error: unable to get local issuer
certificate
fetchmail: This means that the root signing certificate (issued for
/C=US/O=Google In
> I have had this working for ages and I do not have time to think about
> it, but I have the equivalent of syscon...@gmail.com, not syscon780 or
> syscon...@gmail.com@pop.gmail.com. I also have sslcertck after ssl. I do
> not know whether that would help.
From the info i've read, it definitely sh
On Sat, Oct 23, 2010 at 09:08:52AM -0600, Joseph wrote:
> On 10/23/10 08:53, Harry Strongburg wrote:
>> On Sat, Oct 23, 2010 at 12:15:23AM -0600, Joseph wrote:
>>> fetchmail: socket error while fetching from
>>> syscon...@gmail.com@pop.gmail.com
>> Silly mistake there! :)
>>
>> Fetchmail 'user' re
if you do download that cert, you would then need to use something like this
command on it:
openssl x509 -in Equifax_Secure_certificate_Authority.pem -fingerprint -subject
-issuer -serial -hash -noout
Then, put it into your ~./certs directory ans reshash it. (Thought i'd mention
that, you prob
> Yes, I have this package install, and tried to use dir: '/etc/ssl/certs'
> but it doesn't help.
Sorry, I hadn't checked earlier replies where Nathan had already suggested that
idea. There's a link to the cert you require on Google:
http://geotrust.com/resources/_root_certificates/certificate
On 10/23/10 21:17, Jamie Paul Griffin wrote:
I'm confused. Where do I get: equifax.pem certificate?
I think Gentoo have a ca-certs-type package in thier repository don't they?
'app-misc/ca-certificates'
Surely that would have the equifax certificate you need?
Yes, I have this package
On 10/23/10 16:06, Nathan Stratton Treadway wrote:
[snip]
As I mentioned before, I haven't had to install private copies of the
root CA certificate myself, but as far as I understand the following
should work:
* clear out the files currently in ~/.mutt/cert (you can save them
somewhere els
> I'm confused. Where do I get: equifax.pem certificate?
I think Gentoo have a ca-certs-type package in thier repository don't they?
'app-misc/ca-certificates'
Surely that would have the equifax certificate you need?
pgpczl3AVIzQW.pgp
Description: PGP signature
On Sat, Oct 23, 2010 at 00:15:23 -0600, Joseph wrote:
> I've found this tutorial but it is not working. My certificate is not
> recognized http://www.axllent.org/docs/networking/gmail_pop3_with_fetchmail
Yeah, that writeup appears to be both incorrect (as mentioned in the
comments) and outdated (
On 10/23/10 12:34, Breen Mullins wrote:
* Joseph [2010-10-23 12:50 -0600]:
I'm using command:
openssl s_client -connect pop.gmail.com:995 -showcerts
and it printed out:
copy---
CONNECTED(0003)
depth=1 C = US, O = Google Inc, CN = Google Internet Authority
verify error
* Joseph [2010-10-23 12:50 -0600]:
I'm using command:
openssl s_client -connect pop.gmail.com:995 -showcerts
and it printed out:
copy---
CONNECTED(0003)
depth=1 C = US, O = Google Inc, CN = Google Internet Authority
verify error:num=20:unable to get local issuer certif
On Fri, Oct 22, 2010 at 11:21:22PM -0600, Joseph wrote:
> I'm using fetchmail to pull mail from google but lately I've been getting
> this error:
>
> fetchmail: Server certificate verification error: unable to get local issuer
> certificate
> fetchmail: This means that the root signing certifica
On 10/23/10 11:25, Nathan Stratton Treadway wrote:
On Sat, Oct 23, 2010 at 09:08:52 -0600, Joseph wrote:
I've removed the domain name, now the line looks like:
poll pop.gmail.com with proto POP3 and options no dns user 'syscon780'
password '' options ssl sslcertpath /home/joseph/.mut
On Sat, Oct 23, 2010 at 09:08:52 -0600, Joseph wrote:
> I've removed the domain name, now the line looks like:
> poll pop.gmail.com with proto POP3 and options no dns user 'syscon780'
> password '' options ssl sslcertpath /home/joseph/.mutt/cert/
>
> but it still complains, certificat
On 10/23/10 08:53, Harry Strongburg wrote:
On Sat, Oct 23, 2010 at 12:15:23AM -0600, Joseph wrote:
fetchmail: socket error while fetching from syscon...@gmail.com@pop.gmail.com
Silly mistake there! :)
Fetchmail 'user' requires you do NOT have a domain-name added onto it.
The domain-name is sup
On Sat, Oct 23, 2010 at 12:15:23AM -0600, Joseph wrote:
> fetchmail: socket error while fetching from syscon...@gmail.com@pop.gmail.com
Silly mistake there! :)
Fetchmail 'user' requires you do NOT have a domain-name added onto it.
The domain-name is supplied at the "poll" argument.
Have fun.
On 10/22/10 23:21, Joseph wrote:
I'm using fetchmail to pull mail from google but lately I've been getting this
error:
fetchmail: Server certificate verification error: unable to get local issuer
certificate
fetchmail: This means that the root signing certificate (issued for
/C=US/O=Google In
I'm using fetchmail to pull mail from google but lately I've been getting this
error:
fetchmail: Server certificate verification error: unable to get local issuer
certificate
fetchmail: This means that the root signing certificate (issued for /C=US/O=Google Inc/CN=Google Internet Authority) is
37 matches
Mail list logo