FS#60974 - [fetchmail] problem with self-signed certificates on pop.gmail.com
Attached to Project:
Arch Linux
Opened by Peter Feigl (ecraven) - Wednesday, 05 December 2018, 14:21 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 05 December 2018, 14:35 GMT
Opened by Peter Feigl (ecraven) - Wednesday, 05 December 2018, 14:21 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 05 December 2018, 14:35 GMT
|
Details
Description:
fetchmail raises the following warning for pop.gmail.com: fetchmail: Server certificate verification error: self signed certificate fetchmail: Missing trust anchor certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. fetchmail: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!) This seems to be connected to the openssl version, ubuntu and redhat have fixed this: https://bugzilla.redhat.com/show_bug.cgi?id=1611815 Could this patch be used on the arch fetchmail too? Steps to reproduce: run fetchmail against pop.gmail.com |
This task depends upon
Closed by Eli Schwartz (eschwartz)
Wednesday, 05 December 2018, 14:35 GMT
Reason for closing: Duplicate
Additional comments about closing: FS#60038
Wednesday, 05 December 2018, 14:35 GMT
Reason for closing: Duplicate
Additional comments about closing:
See
FS#60038(which this is a duplicate of) for more details. Note that after the reporter ofFS#60038asked for clarification from the upstream fetchmail developer, said developer took the time to visit both bugtrackers and demand that that patch not be used (and inform Fedora to back out the patch in their package).There was a real fix in upstream git master for like a year before that, too.