>> It seems that fetchmail doesn't enable SNI for it's TLS connection > >Try adding `--sslproto TLS1' to fetchmail's arguments.
I guess the core issue is that for Google servers when using TLS 1.2 SNI isn't required, but for TLS 1.3 it is; well, let me rephrase that. If you negotiate TLS 1.3 you get the bogus certificate if you don't send a SNI. But it seems like the 'right' solution is we should be sending a SNI to avoid this problem? --Ken -- nmh-workers https://lists.nongnu.org/mailman/listinfo/nmh-workers