[Bug 274324] mail/fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 274324] mail/fetchmail"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 07 Oct 2023 11:58:58 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274324

--- Comment #4 from Michael Osipov <michael.osipov@siemens.com> ---
These are sent:
$ openssl s_client -no-CAfile -no-CApath -connect pop.gmail.com:995
CONNECTED(0000019C)
---
Certificate chain
 0 s:CN = pop.gmail.com
   i:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
 1 s:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
   i:C = US, O = Google Trust Services LLC, CN = GTS Root R1
 2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R1
   i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
---

Make sure that every single one (GTS CA 1C3, GTS Root R1, GlobalSign Root CA)
is in your trust since the code does not use/set X509_V_FLAG_PARTIAL_CHAIN.

-- 
You are receiving this mail because:
You are the assignee for the bug.