On 1/21/24 11:09, Walter Dnes wrote:
On Sun, Jan 21, 2024 at 12:05:45PM +0000, Michael wrote
Anyway, to take you forward you can:
1. Keyword the latest gnutls package in case the gnutls verification criteria
have been loosened.
2. Copy the Root CA into the users ~/ and point muttrc to it:
set certificate_file = "~/.mutt/certificates"
3. If everything else fails, having verified yourself the server's
Root CA and child certificates are all legit you can set:
unset ssl_verify_host
Obviously this would not be satisfactory from a security perspective.
Nothing above works, and I wonder if it's something at my end. I keep
getting the same message...
gnutls_handshake: A packet with illegal or unsupported version was received.
The current net-libs/gnutls-3.8.0 ebuild (and 3.8.1 and 3.8.2) has
sslv2 and sslv3 enabled in IUSE ...but... "emerge -pv gnutls" shows
them hard-masked. Is my system forcing sslv1 and the server rejecting me???
[ebuild R ] net-libs/gnutls-3.8.0:0/30.30::gentoo USE="cxx idn nls openssl
seccomp tls-heartbeat tools zlib -brotli -dane -doc -examples -pkcs11 (-sslv2) (-sslv3)
-static-libs -test (-test-full) -verify-sig -zstd" 0 KiB
I'm no expert, but I think you are mixing versions of SSL and versions
of TLS. It seems both sslv2 and sslv3 have been deprecated, and my weak
memory says they were replaced by TLS. Now it looks like you are having
problems trying to use an older TLS which has been replaced by a newer
TLS, although there are no direct use flags for that.
Do you get the same? Do I have to set something in...
make menuconfig
-*- Cryptographic API --->
"emerge -pv mutt"
[ebuild R ] mail-client/mutt-2.2.12::gentoo USE="debug gnutls gpgme hcache
imap lmdb mbox nls pop sasl smtp ssl -autocrypt -berkdb -doc -gdbm -gsasl -idn -kerberos
-pgp-classic (-prefix) -qdbm (-selinux) -slang -smime-classic -tokyocabinet
-vanilla" 0 KiB
I copied certificates from x.txt to .mutt/certificates (see
attachment). Is this correct? And how do I securely pass credentials?
