fetchmail ssl certificate verification problem in FreeBSD 8.1

A. Wright andrew at qemg.org
Mon Aug 16 12:10:52 UTC 2010

On Sun, 15 Aug 2010, RW wrote:

> On Sun, 15 Aug 2010 Dan Strick <mla_strick at att.net> wrote:
>> That explains the problem.
>> I copied the file /usr/local/share/certs/ca-root-nss.crt from my old
>> FreeBSD release-8.0 system and hooked it up to fetchmail with the
>> fetchmail sslcertfile option.  At least fetchmail is now happy.
> You'd be better off installing security/ca_root_nss otherwise you'll be
> stuck with a stale file.
> I don't know why you don't have it, it's a dependency of fetchmail and
> many other ports.

This thread caused me to look at my maillog, and I see the same issue.

The fetchmail port has correctly installed security/ca_root_nss,
and pkg_which reports the file in /usr/local/share/certs as having
the origin ca_root_nss-3.12.4, however fetchmail isn't looking at

Looking at the fetchmail code, there is no value set for
ctl->sslcertfile.  I'm not sure what fetchmail's behaviour was
prior to 8.1, so I do not know whether this has changed.  I
don't have a pre-8.1 install handy -- if the OP does, I'd be
interested in knowing whether the string
 	"SSL trusted certificate file:"
appears in the output of
 	env LC_ALL=C fetchmail -V -v --nodetach --nosyslog
and if so, what filename appears after the colon.


More information about the freebsd-questions mailing list