On Tue, Apr 25, 2023 at 13:12:18 +0100, ckeader via Mutt-dev wrote:
> This is more of a heads-up as the problem isn't in mutt per se.
>
> A while back, mutt stopped working correctly for me on OpenBSD, and of
> course, I completely failed to take notice at which point and with which
> release exactly ...
>
> What is the problem? When you connect to a server for the first time, mutt
> prompts to accept the server cert (o)nce or (a)lways, in the latter case,
> saving it into $certificate_file. If you choose to save the cert, the next
> time you connect to the server, connection will fail with
>
> SSL failed: error:14FFF086:SSL routines:(UNKNOWN)SSL_internal:certificate
> verify failed
>
> The workaround is to accept the certificate (o)nce, for the current session
> only, every time. I verified this with two different servers and
> non-overlapping certificate chains.
>
> My guess is that the problem is really with libressl and probably started
> with OpenBSD 7.0 (libressl 3.3.4) or 6.9 (3.3.2).
>
> As a test, I installed openssl 1.1.1t from ports and rebuilt the mutt port
> so that it configures and links against openssl. No more problem.

I recently hit a similar issue on Gentoo when I tried building Mutt using GnuTLS (forgot to note down the versions, but I think it was Mutt 2.2.3 and GnuTLS 3.7.8 according to Portage logs). I backed out when I saw the "accept cert" prompt, though, since I wasn't sure how to proceed, and instead rebuilt it with OpenSSL since it worked before (and continues to do so today). Currently on Mutt 2.2.10.

- Oskari
