fetchmail authentication error



For some time I've been running fetchmail and getting the warning:
"upgrade to TLS failed." I was told I could ignore it, for fetchmail can
only use TLS (Transport Layer Security protocol) if it's compiled with
SSL support, which my binary version does not support. I'm using
fetchmail 6.3.6.1etch1.

I've also had the error: "Server CommonName mismatch: localhost !=
pop.hartford-hwp.com", but this didn't keep fetchmail from working.

I suspect the From: line of this message has some odd garbage, and this
may be related to my authentication problem, but I've no idea how to
proceed to repair it.

For no obvious reason, fetchmail failed to retrieve mail and timed out
after five minutes. I got:

fetchmail: Server CommonName mismatch: localhost != pop.hartford-hwp.com
fetchmail: Server certificate verification error: self signed certificate
fetchmail: timeout after 300 seconds waiting for server pop.hartford-hwp.com.
fetchmail: socket error while fetching from brownh@xxxxxxxxxxxxxxxx@pop.hartford-hwp.com
fetchmail: Query status=2 (SOCKET)

In looking into this certificate verification problem, I find that it
can be ignored, but I went ahead and did:

$ mkdir ~/.certs
$ openssl s_client -connect imap.example.com:993 | \
> sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
> .certs/imap.pem
gethostbyname failure
connect:errno=0
$ c_rehash ~/.certs

This creates empty file: ~/.certs/imap.pem

I next add the line to .fetchmail.rc:

sslcertck sslcertpath $HOME/.certs

I finally do: c_rehash

The problem is that my ~/.certs/imap.pem is empty. I assume there
should be something in it.

$ fetchmail -cvv
fetchmail: 6.3.6 querying pop.hartford-hwp.com (protocol POP3) at Thu 31 Jan 2008 02:15:34 PM EST: poll started
Trying to connect to 209.237.134.152/110...connected.
fetchmail: POP3< +OK Hello there.
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Here's what I can do:
fetchmail: POP3< STLS
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< LOGIN-DELAY 10
fetchmail: POP3< PIPELINING
fetchmail: POP3< UIDL
fetchmail: POP3< IMPLEMENTATION Courier Mail Server
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK Begin SSL/TLS negotiation now.
fetchmail: Issuer Organization: Courier Mail Server
fetchmail: Issuer CommonName: localhost
fetchmail: Server CommonName: localhost
fetchmail: Server CommonName mismatch: localhost != pop.hartford-hwp.com
fetchmail: pop.hartford-hwp.com key fingerprint: 27:33:38:C0:92:FF:CE:37:E2:BC:70:7C:25:24:E5:03
fetchmail: Server certificate verification error: self signed certificate
14813:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:894:
fetchmail: pop.hartford-hwp.com: upgrade to TLS failed.
fetchmail: Unknown login or authentication error on brownh@xxxxxxxxxxxxxxxm@xxxxxxxxxxxxxxxxxxxxxxxxxxx
fetchmail: socket error while fetching from brownh@xxxxxxxxxxxxxxxx@pop.hartford-hwp.com
fetchmail: 6.3.6 querying pop.hartford-hwp.com (protocol POP3) at Thu 31 Jan 2008 02:15:34 PM EST: poll completed
fetchmail: normal termination, status 2

It seems as if I've enabled certificate verification so that the error
can no longer be ignored.

--

Haines Brown, KB1GRM
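
An added example, not part of the original post: the s_client command above was pointed at imap.example.com:993 and returned "gethostbyname failure", so the redirect left an empty file. This sketch takes the certificate from the server the log actually polls (POP3 with STLS on port 110) and refuses to store an empty result. The function names and the pop.pem file name are assumptions made for the example.

```shell
#!/bin/sh
# Added example. extract_pem, store_cert and fetch_pop3_cert are
# hypothetical helper names, not fetchmail or OpenSSL commands.

# Print only the PEM certificate block(s) found on stdin.
extract_pem() {
    sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
}

# Store the PEM block(s) from stdin in file $1, but only when a complete
# certificate was received; a failed connection leaves no file behind.
store_cert() {
    out=$1
    tmp=$(mktemp) || return 1
    extract_pem > "$tmp"
    if grep -q -e '-BEGIN CERTIFICATE-' "$tmp" &&
       grep -q -e '-END CERTIFICATE-' "$tmp"; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        echo "no certificate received; $out not written" >&2
        return 1
    fi
}

# Fetch the certificate a POP3 server presents after STLS.
# Usage: fetch_pop3_cert pop.hartford-hwp.com 110 "$HOME/.certs/pop.pem"
fetch_pop3_cert() {
    host=$1 port=$2 out=$3
    mkdir -p "$(dirname "$out")" || return 1
    openssl s_client -starttls pop3 -connect "$host:$port" \
        </dev/null 2>/dev/null | store_cert "$out" || return 1
    # Print the MD5 fingerprint so it can be compared by eye with the
    # 16-byte "key fingerprint" line in the fetchmail -v log before the
    # file is trusted.
    openssl x509 -in "$out" -noout -fingerprint -md5
    c_rehash "$(dirname "$out")"
}
```

A certificate stored this way is only as trustworthy as the connection it was fetched over, so the fingerprint should be confirmed with the mail provider through another channel.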