I don't use either email provider nor fetchmail, but from the symptoms
you've described, perhaps something like round-robin DNS is being used,
and one of the mail servers' certificates is incorrectly chained. A way
to verify this would be to look at the output of
$ dig your.gmail.server.hostname.com
and compare the output IP address when it's working to when it's not
working. If you're able to ascertain this is the issue, there are two
solutions that I can see:
1. Hardcode your /etc/hosts file with the IP address of the working host
2. Ascertain the certificate fingerprint. I'm not sure if fetchmail
allows it, but offlineimap has the ability to specify a certificate's
expected fingerprint. If you're able to simultaneously disable checking
the certificate chain, you're in business.
Not that either of these options will require you to react if
1. The IP addresses change
2. The certificate expires or is otherwise invalid
Regards,
--
Joel Buckley
On Thu, Oct 05, 2017 at 09:49:22AM +0100, Brian Salter-Duke wrote:
I use fetchmail to download emails from two different accounts into mutt. This
worked fine for years on my desktop and then my laptop when travelling. I am
currently travelling and using my laptop.
Some times I get the following output:-
fetchmail: No mail for b_d...@bigpond.net.au at pop.telstra.com
fetchmail: Server certificate verification error: unable to get local issuer
certificate
fetchmail: Broken certification chain at: /OU=GlobalSign Root CA -
R2/O=GlobalSign/CN=GlobalSign
fetchmail: This could mean that the server did not provide the intermediate
CA's certificate(s),
which is nothing fetchmail could do anything about. For details,
please see the
README.SSL-SERVER document that ships with fetchmail.
fetchmail: This could mean that the root CA's signing certificate is not in the
trusted CA
certificate location, or that c_rehash needs to be run on the
certificate directory.
For details, please see the documentation of --sslcertpath and
--sslcertfile in the
manual page.
fetchmail: OpenSSL reported: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
fetchmail: SSL connection failed.
fetchmail: socket error while fetching from
brian.james.d...@gmail.com@pop.gmail.com
fetchmail: Query status=2 (SOCKET
It get the mail from bigpond account, but fails on the gmail account. On the
surface, it seems that the CA's signing certificate is corrupt. If that was the
case it would always fail. But it does not always fail. Sometimes is downloads
fine. I am using different wi-fi connections and it seems that once it starts
to fail with one wi-fi it continues to fail even after a reboot, but I am not
certain about that. With a new wi-fi it sometime works fine and then later it
fails. Sometimes it fails at first and then works. I have run c_rehash and that
does change anything. I can of course read gmail mail in firefox, but I want to
download it.
Can anyone throw any light on this?
Regards to all mutters, Brian.
--
Brian Salter-Duke (Brian Duke) Email: brian.james.d...@gmail.com
Web: http://www.salter-duke.bigpondhosting.com/brian/index.htm
