fetchmail-friends
[Top] [All Lists]

Re: [fetchmail]suppress SSL negotiation?

2005-08-26 01:38:45
Alan I <alanitech(_at_)yahoo(_dot_)com> writes:

Hi -- can I force fetchmail to skip SSL negotiation?

My email provider changed things around recently, and
ever since, fetchmail has been downloading my email,
but not without a "Server CommonName mismatch" warning
that is creating a lot of noise in my logs.

I traced this to a problem with the self-signed
certificate my POP provider uses. But this seems odd
to me, since I don't intentionally use any encryption
to grab the mail (see my .fetchmailrc below).

I am aware of the --sslcert option, but I'm interested
in just avoiding it if I can.

Sorry, it's been a long time since you've asked, but I haven't seen a
reasonable reply yet, so even if it's just for the records, here goes:

sslcert doesn't help, but either of these two equivalent options

sslproto ''
sslproto ssl23

or the slightly different

sslproto ssl3

should work for you, as fetchmail, in your situation, attempts TLSv1
(dubbed tls1 for purposes of the sslproto option) negotiation if either
sslproto is not set at all (which is different from it being set to the
empty value) or set to 'tls1'.

fetchmail 6.3.0 will add proper documentation to the sslproto option,
such as:

       --sslproto <name>
              (Keyword:  sslproto) Forces an SSL protocol. Possible values are
              'ssl2', 'ssl3', 'ssl23', and 'tls1'. Try  this  if  the  default
              handshake  does  not  work  for your server. To defeat automatic
              TLSv1 negotiation when the server advertises STARTTLS  or  STLS,
              use  ''  or 'ssl23'. The default is to try appropriate protocols
              depending on context.

-- 
Matthias Andree

_______________________________________________
Fetchmail-friends mailing list
Fetchmail-friends(_at_)lists(_dot_)ccil(_dot_)org
http://lists.ccil.org/cgi-bin/mailman/listinfo/fetchmail-friends

<Prev in Thread] Current Thread [Next in Thread>
  • Re: [fetchmail]suppress SSL negotiation?, Matthias Andree <=