Geoff Sweet wrote: > and last but not least, here is my test from openssl. Mind you this > fails as a "BAD" ssl cert in Evolution. > > :~$ openssl s_client -ssl2 -connect pop.x10.com:995
Try -ssl3 here; you'll see more. > CONNECTED(00000003) > depth=0 /C=US/ST=Washington/L=Renton/O=X10 Wireless Technology, > Inc./OU=Information Technology/OU=Terms of use at www.verisign.com/rpa > (c)05/CN=pop.x10.com > verify error:num=20:unable to get local issuer certificate > verify return:1 > depth=0 /C=US/ST=Washington/L=Renton/O=X10 Wireless Technology, > Inc./OU=Information Technology/OU=Terms of use at www.verisign.com/rpa > (c)05/CN=pop.x10.com > verify error:num=27:certificate not trusted > verify return:1 > depth=0 /C=US/ST=Washington/L=Renton/O=X10 Wireless Technology, > Inc./OU=Information Technology/OU=Terms of use at www.verisign.com/rpa > (c)05/CN=pop.x10.com > verify error:num=21:unable to verify the first certificate > verify return:1 > 21568:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher > list:s2_clnt.c:450: > > As you can see, the certificate clearly fails. I don't know how to make > this work at this point. Any thoughts or advice would be greatly > appreciated. The cert fails because s_client(1) cannot find the root CA's you've chosen to trust. The same test will fail even with gmail's IMAP and POP3 servers. See the s_client(1) man page for the CApath and CAfile flags. -- Sahil Tandon <sa...@tandon.net>