I am having some trouble getting fetchmail to recogzine my mail provider's SSL
certificate.
Fetchmail -v says this:
fetchmail: Issuer CommonName: Vex.Net
fetchmail: Server CommonName: *.vex.net
fetchmail: mail.vex.net key fingerprint:
6D:1B:5E:CB:ED:15:B3:B4:9F:C6:E9:91:44:28:50:71
fetchmail: Warning: server certificate verification: unable to get local issuer
certificate
Using this fetchmailrc:
poll mail.vex.net with proto POP3 no dns localdomains obstruction.com
user 'username' password 'secret' to * here
options sslcertpath /home/guy/.certs ssl dropstatus
So I looked in my certificate directory, which looks ok to me (the hash links
are there):
$ ls -l /home/guy/.certs
total 4
lrwxr-xr-x 1 guy guy 16 Jun 30 12:50 b5554f6f.0 -> mail_vex_net.pem
lrwxr-xr-x 1 guy guy 18 Jun 30 12:50 bc809cbf.0 -> vex-net_cacert.pem
-rw-r--r-- 1 guy guy 1383 Jun 30 11:54 mail_vex_net.pem
-rw-r--r-- 1 guy guy 1326 Jun 30 12:28 vex-net_cacert.pem
$
And OpenSSL likes the the certificate:
$ openssl verify -CApath /home/guy/.certs/ mail_vex_net.pem
mail_vex_net.pem: OK
$
$ openssl x509 -noout -fingerprint -in mail_vex_net.pem
MD5 Fingerprint=6D:1B:5E:CB:ED:15:B3:B4:9F:C6:E9:91:44:28:50:71
$
So why does openssl verify like the cert, while fetchmail does not? I tried
fetchmail 6.2.0 and 6.2.2, I get the same thing with both.