I'm sorry that nobody seems to have answered your question about OpenSSL
security certificates. There are numerous sets of CA certificates for
OpenSSL floating around, mostly from various release distributions of
OpenSSL. If you download the OpenSSL sources from Apple or OpenSSL.org
you will find them in the openssl/certs directory.
I wasn't aware that we distributed any CA certificates with Pine. We're
not in the CA certificate distribution business; and quite frankly you
really don't want to use CA certificates from us or any other non-primary
source.
For what it's worth, I see the same problem on my Mac; apparently we are
both missing the CA certificate for Equifax. My Linux system at work has
that certificate, but Linux OpenSSL uses ca-bundle instead of .pem files,
and I haven't gotten around to working out how to go between one and the
other (the less I deal with certificate files, the happier I am).
I have no idea what Apple Mail does; nor if it uses OpenSSL or some other
program.
Some nice person will probably figure this all out, and come up with a
document on what to do. I can only tell you that the UW IMAP software is
working properly, and that I'm not in the CA certificate business. Sadly,
nobody else seems to be stepping up to the plate and answer these CA
certificate questions... ;-(
I suggest that you pose your question to an OpenSSL forum. Basically,
what you want are a good set of OpenSSL CA certificates to put on your
/System/Library/OpenSSL/certs directory.
On Thu, 14 Dec 2006, Jean-Francois Ducarroz wrote:
Hi,
I've enabled SSL support for my mail client application written using
c-client 2004g on Mac OS 10.4. I can successfully establish an SSL POP or
SMTP
connection to gmail but I am not able to validate their certificate! The
errors I am getting are:
ssl_certificate_query: reason=unable to get local issuer certificate
host=pop.gmail.com
cert=/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
ssl_certificate_query: reason=certificate not trusted
host=pop.gmail.com
cert=/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
ssl_certificate_query: reason=unable to verify the first certificate
host=pop.gmail.com
cert=/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
I did not have any certs installed in /System/Library/OpenSSL/certs/ on
my system and therefore I though it was the problem. But after
installing the certs that come with MacPine it still does not work! Here
is the list of the cert in the folder:
052eae11.0 73912336.0 a99c5886.0 expired thawteCp.pem
18d46017.0 7651b327.0 adbec561.0 f3e90025.0 timCA.pem
1ef89214.0 8c401b31.0 b5f329fa.0 f73e89fd.0 tjhCA.pem
1f6c59cd.0 8caad35e.0 c33a80d4.0 factory.pem vsign1.pem
24867d38.0 ICE-CA.pem ca-cert.pem nortelCA.pem vsign2.pem
2edf7016.0 ICE-root.pem ddc328ff.0 pca-cert.pem vsign3.pem
3ecf89a3.0 ICE-user.pem dsa-ca.pem rsa-cca.pem vsignss.pem
6bee6be3.0 ICE.crl dsa-pca.pem thawteCb.pem vsigntca.pem
Note that Apple Mail seems to be able to validate the Google certificate
as is does not complain (it does complains for another one for which
ThunderBird does the same) I am not sure if Apple Mail uses OpenSSL as well!
Any idea what I might be doing wrong?
How can I figure out if I am just missing a certificate of if c-client
is just not configured correctly?
Where can I get more certificates?
Thanks,
Jean-François Ducarroz
_______________________________________________
Imap-uw mailing list
Imap-uw@u.washington.edu
https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
-- Mark --
http://panda.com/mrc
Democracy is two wolves and a sheep deciding what to eat for lunch.
Liberty is a well-armed sheep contesting the vote.
_______________________________________________
Imap-uw mailing list
Imap-uw@u.washington.edu
https://mailman1.u.washington.edu/mailman/listinfo/imap-uw