On 15/08/10 21.38, Dan Strick wrote:
I can get rid of the message by removing the ssl option from the user
line but then fetchmail would not even try to use ssl. Why would the
old fetchmail be better able to verify the server's ssl certificate?
Has openssl changed? Where is the openssl certificate directory and why
should the information needed to verify the server's certificate be
found on my machine? Doesn't the openssl library contain something
like a hardwired list of well known certificate authority systems?
A little bit of searching around I found this (I don't know since when):
# less /usr/src/crypto/openssl/certs/README.RootCerts
The OpenSSL project does not (any longer) include root CA certificates.
Please check out the FAQ:
* How can I set up a bundle of commercial root CA certificates?
The FAQ is here:
/usr/src/crypto/openssl/FAQ
Also, you might find this interesting:
http://fetchmail.berlios.de/fetchmail-man.html#19
Check your fetchmail settings for sslcertck, maybe it's a compile time
option to enable this by default.
Fetchmail depends on ca_root_nss, check that one too.
BR, Erik
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
