fetchmail ssl certificate verification problem in FreeBSD 8.1
andrew at qemg.org
Mon Aug 16 12:10:52 UTC 2010
On Sun, 15 Aug 2010, RW wrote:
> On Sun, 15 Aug 2010 Dan Strick <mla_strick at att.net> wrote:
>> That explains the problem.
>> I copied the file /usr/local/share/certs/ca-root-nss.crt from my old
>> FreeBSD release-8.0 system and hooked it up to fetchmail with the
>> fetchmail sslcertfile option. At least fetchmail is now happy.
> You'd be better off installing security/ca_root_nss otherwise you'll be
> stuck with a stale file.
> I don't know why you don't have it, it's a dependency of fetchmail and
> many other ports.
This thread caused me to look at my maillog, and I see the same issue.
The fetchmail port has correctly installed security/ca_root_nss,
and pkg_which reports the file in /usr/local/share/certs as having
the origin ca_root_nss-3.12.4, however fetchmail isn't looking at
Looking at the fetchmail code, there is no value set for
ctl->sslcertfile. I'm not sure what fetchmail's behaviour was
prior to 8.1, so I do not know whether this has changed. I
don't have a pre-8.1 install handy -- if the OP does, I'd be
interested in knowing whether the string
"SSL trusted certificate file:"
appears in the output of
env LC_ALL=C fetchmail -V -v --nodetach --nosyslog
and if so, what filename appears after the colon.
More information about the freebsd-questions