fetchmail ssl certificate verification problem in FreeBSD 8.1

Erik Norgaard norgaard at locolomo.org
Sun Aug 15 20:36:28 UTC 2010

On 15/08/10 21.38, Dan Strick wrote:

> I can get rid of the message by removing the ssl option from the user
> line but then fetchmail would not even try to use ssl.  Why would the
> old fetchmail be better able to verify the server's ssl certificate?
> Has openssl changed?  Where is the openssl certificate directory and why
> should the information needed to verify the server's certificate be
> found on my machine?  Doesn't the openssl library contain something
> like a hardwired list of well known certificate authority systems?

A little bit of searching around I found this (I don't know since when):

# less /usr/src/crypto/openssl/certs/README.RootCerts
The OpenSSL project does not (any longer) include root CA certificates.

Please check out the FAQ:
   * How can I set up a bundle of commercial root CA certificates?

The FAQ is here:


Also, you might find this interesting:


Check your fetchmail settings for sslcertck, maybe it's a compile time 
option to enable this by default.

Fetchmail depends on ca_root_nss, check that one too.

BR, Erik

More information about the freebsd-questions mailing list