Sebastian Tennant <sebyte(_at_)smolny(_dot_)plus(_dot_)com> writes:
The relevant section of my /etc/fetchmailrc reads as follows:
poll "pop.googlemail.com" with protocol pop3 port 995
user "sebyte" pass "xxxxxxx" is "sebyte" here
options ssl sslcertck sslcertpath "/home/sebyte/.gnus.d/certs"
keep
total 8
lrwxrwxrwx 1 sebyte adm 10 Dec 14 23:06 ddc328ff.0 -> thwate.pem
lrwxrwxrwx 1 sebyte adm 14 Dec 14 23:06 e5b84c7a.0 -> googlemail.pem
-rw-rw-r-- 1 sebyte adm 1223 Dec 14 23:06 googlemail.pem
-rw-rw-r-- 1 sebyte adm 1126 Dec 14 23:06 thwate.pem
Appears ok.
I am getting the following log output:
fetchmail[3917]: 6.2.5.4 querying pop.googlemail.com (protocol POP3) at Thu
\
Dec 15 09:26:07 2005: poll started
fetchmail[3917]: Issuer Organization: Thawte Consulting cc
fetchmail[3917]: Issuer CommonName: Thawte Premium Server CA
fetchmail[3917]: Server CommonName: pop.googlemail.com
fetchmail[3917]: pop.googlemail.com key fingerprint: \
46:8B:6C:F4:3E:4C:56:29:83:54:2C:37:42:F1:67:80
fetchmail[3917]: 6.2.5.4 querying pop.googlemail.com (protocol POP3) at Thu
\
Dec 15 09:26:08 2005: poll completed
fetchmail[3917]: Query status=3 (AUTHFAIL)
fetchmail[3917]: sleeping at Thu Dec 15 11:36:13 2005
Hm. Does another "-v" provide detail?
Does fetchmail 6.3.0 or 6.3.1-pre1 work for you? See
http://fetchmail.berlios.de/ for 6.3.0
http://home.pages.de/~mandree/fetchmail/ for 6.3.1-pre1
I haven't got my password wrong so presumably the problem lies with the
certificates I've generated. Is there a way to check these? The instructions
in the `Postfix tutorial' above suggest using the following command:
$ openssl s_client -connect pop.googlemail.com:995 -CApath \
/home/sebyte/.gnus.d/certs
but in my experience, it says:
"... verify return code: 0 (ok)"
whether I specify `/home/sebyte/.gnus.d/certs' as the CApath, or `rhubarb'!
Interesting, I get (with OpenSSL 0.9.7g 11 Apr 2005):
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=pop.googlemail.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=pop.googlemail.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=pop.googlemail.com
verify error:num=21:unable to verify the first certificate
verify return:1
...
Is another copy of the google root certificate in /etc/ssl/certs (or
whatever else the SSL default path for certificates is on your system)?
AFAIR -CApath just adds to the path without removing the former path
components.
--
Matthias Andree
_______________________________________________
Fetchmail-friends mailing list
Fetchmail-friends(_at_)lists(_dot_)ccil(_dot_)org
http://lists.ccil.org/cgi-bin/mailman/listinfo/fetchmail-friends