Anyway, while I'm here, I hope you don't mind if I report another little
quirk. When I connect using POP3 over SSL on port 995, and I'm using a
different name than the one in the certificate, the error message is always
reported *three* times:

    fetchmail: Server CommonName mismatch: webmail.example.com != pop3.example.com
    fetchmail: Server CommonName mismatch: webmail.example.com != pop3.example.com
    fetchmail: Server CommonName mismatch: webmail.example.com != pop3.example.com

This is buried in SSL_verify_callback so I really can't see why it is being
called three times, instead of just once, at login time.

Additional information: it happens somewhere during the call to
SSL_connect(_ssl_context[sock]), shown by sticking an fprintf before and
after this line.

So it seems the certificate verify callback is being called three times - I
guess once for each certificate in the chain up to the root? In which case,
ideally the CN check should only be done the first time.

I see the code only prints the message if depth==0, and I've also checked
that depth is in fact 0 each time that message is printed.

I'm using FreeBSD-5.2.1-RELEASE with its openssl 0.9.7c. Perhaps this is an
OpenSSL bug??

Regards,
Brian.
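
An added example, not part of the message above and not fetchmail's code: a stand-alone C model of a verify callback that does the CommonName comparison only on the first depth-0 call per connection. It assumes the three reports come from three depth-0 invocations, one per verification error; the structs, function names and event sequence are hypothetical, and no OpenSSL is linked.

```c
#include <stdio.h>
#include <strings.h>

/* Hypothetical per-connection state. With real OpenSSL this would hang off
 * the SSL object (SSL_set_ex_data) and be looked up inside the callback. */
struct conn_state {
    const char *expected_host;  /* name the client was told to connect to */
    const char *cert_cn;        /* CommonName read from the leaf certificate */
    int name_checked;           /* set once the CN comparison has been done */
    int mismatch_reports;       /* number of mismatch messages emitted */
};

/* One modelled callback invocation: library verdict, chain depth, error code. */
struct verify_event { int preverify_ok; int depth; int err; };

/* guard=0: compare the CN on every depth-0 call (repeats the message).
 * guard=1: compare only on the first depth-0 call of this connection. */
static int verify_cb(const struct verify_event *ev, struct conn_state *st, int guard)
{
    if (ev->depth == 0 && !(guard && st->name_checked)) {
        st->name_checked = 1;
        if (strcasecmp(st->cert_cn, st->expected_host) != 0) {
            st->mismatch_reports++;
            fprintf(stderr, "Server CommonName mismatch: %s != %s\n",
                    st->cert_cn, st->expected_host);
        }
    }
    /* Assumption: warn-only client, so verification continues. A strict
     * client returns 0 on a mismatch or when preverify_ok is 0. */
    return 1;
}

/* Replays a constructed handshake and returns how many reports were made. */
static int replay(int guard)
{
    /* Constructed sample: three depth-0 calls, each carrying a different error. */
    static const struct verify_event events[] = { {0, 0, 20}, {0, 0, 27}, {0, 0, 21} };
    /* Hostnames as in the output above; which is the expected name is assumed. */
    struct conn_state st = { "pop3.example.com", "webmail.example.com", 0, 0 };
    for (size_t i = 0; i < sizeof events / sizeof events[0]; i++)
        if (!verify_cb(&events[i], &st, guard)) break;
    return st.mismatch_reports;
}

int main(void)
{
    printf("unguarded: %d report(s), guarded: %d report(s)\n", replay(0), replay(1));
    return 0;
}
```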