fetchmail-friends
[Top] [All Lists]

[fetchmail]Re: SSL authentication problems with Gmail

2005-12-16 09:07:26
Matthias Andree <matthias(_dot_)andree(_at_)gmx(_dot_)de> writes:

Sebastian Tennant <sebyte(_at_)smolny(_dot_)plus(_dot_)com> writes:
[...]
Hm. Does another "-v" provide detail?

Nope.  No more info.

And I've now noticed another problem.

  fetchmail[3914]: awakened at Fri Dec 16 08:07:58 2005 
  fetchmail[3914]: 6.2.5.4 querying pop.googlemail.com (protocol POP3) at Fri \
                   Dec 16 08:07:58 2005: poll started
  fetchmail[3914]: Issuer Organization: Thawte Consulting cc 
  fetchmail[3914]: Issuer CommonName: Thawte Premium Server CA 
  fetchmail[3914]: Server CommonName: pop.googlemail.com 
  fetchmail[3914]: pop.googlemail.com key fingerprint: \
                   46:8B:6C:F4:3E:4C:56:29:83:54:2C:37:42:F1:67:80
  fetchmail[3914]: SIGPIPE thrown from an MDA or a stream socket error 
  fetchmail[3914]: 6.2.5.4 querying pop.googlemail.com (protocol POP3) at Fri \
                   Dec 16 08:07:58 2005: poll completed
  fetchmail[3914]: Query status=2 (SOCKET) 

I think this happens when I fire up Gnus (configured to collect my IMAP mail
only).  Could POP and IMAP be sharing the same port or socket or something?

Does fetchmail 6.3.0 or 6.3.1-pre1 work for you?  See

http://fetchmail.berlios.de/              for 6.3.0

http://home.pages.de/~mandree/fetchmail/  for 6.3.1-pre1

I'll give this a go when I find the time.  At the moment I'm running fetchmail
version 6.2.5.4-1, (according to Debian apt-show-versions).

Is [there] another copy of the google root certificate in /etc/ssl/certs (or
whatever else the SSL default path for certificates is on your system)?
AFAIR -CApath just adds to the path without removing the former path
components.

Yup. You're right.  I renamed /etc/ssl/certs to certs(disabled) and am now
getting the following output with the aforementioned openssl `rhubarb'
command.  I'm also still getting this output with the proper command :-/

  CONNECTED(00000003)
  depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=pop.googlemail.com
  verify error:num=20:unable to get local issuer certificate
  verify return:1
  depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=pop.googlemail.com
  verify error:num=27:certificate not trusted
  verify return:1
  depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=pop.googlemail.com
  verify error:num=21:unable to verify the first certificate
  verify return:1
 
  [...]

  ... Verify return code: 21 (unable to verify the first certificate)

This is how I created Google's pem file:

  Got the certificate with:

    $ openssl s_client -connect smtp.googlemail.com:995 -showcerts

  Marked the region containing the certificate, including these lines:

    -----BEGIN CERTIFICATE-----
    [...]
    -----END CERTIFICATE-----

  Wrote the region to disk as a `pem' file.

  (As I'm working in an Emacs unicode shell buffer on a Linux box, do you think
   it could be a `LF instead of CR/LF' issue?)

  Then I created the hash for it with:

    $ c_rehash <directory_of_pem_files>

  Oh well... more problems.  Would like to dig deeper but no time.  Have to run
  now.

  Once again, any further help much appreciated.


_______________________________________________
Fetchmail-friends mailing list
Fetchmail-friends(_at_)lists(_dot_)ccil(_dot_)org
http://lists.ccil.org/cgi-bin/mailman/listinfo/fetchmail-friends