Certificate error

[Ernie Luzar]

   Lowell Gilbert wrote:

Ernie Luzar [1]<luzar722 at gmail.com> writes:


When I run fetchmail againest my ISP mail pop server it runs fine and
populates my postfix server and shows basically the same log
sequence.

Your ISP's POP server has a certificate signed by a certificate
authority that fetchmail trusts.


          I just change the poll  and user statements in
.fetchmailrc.

Your personal POP server does *not* have a certificate signed by a
certificate authority that fetchmail trusts.

Please answer the following question as directly as you can: how did you
configure fetchmail to accept the certificate being used by your
personal POP server?

The normal way you configure fetchmail to accept a self-signed
certificate is by using the "sslfingerprint" option in your
.fetchmailrc file. Have you done this?



   No
   When I tried to get the fingerprint source
   openssl s_client -connect pop.a1poweruser.com:110 -showcerts
   CONNECTED(00000003)
   675508300:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
   protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_cln
   t.c:795:
   ---
   no peer certificate available
   ---
   No client certificate CA names sent
   ---
   SSL handshake has read 7 bytes and written 307 bytes
   ---
   New, (NONE), Cipher is (NONE)
   Secure Renegotiation IS NOT supported
   Compression: NONE
   Expansion: NONE
   ---
   I thought qpopper would have launched TLS when s_client connected. At a
   lost of what to do next.
   Here is my qpopper.conf
   set server-mode = true
   set statistics = true
   set shy = true
   set fast-update = true
   set reverse-lookup = false
   set log-facility = mail
   set tls-support = stls
   set clear-text-password = tls
   set tls-server-cert-file = /usr/local/etc/qpopper/fme-cert.pem
   set tls-private-key-file = /usr/local/etc/qpopper/fme-key.pem

References

   1. mailto:luzar722 at gmail.com