fetchmail-friends
[Top] [All Lists]

[fetchmail]Re: [fetchmail-users] SSL authentication problems with Gmail

2006-01-04 09:31:24
Sebastian Tennant <sebyte(_at_)smolny(_dot_)plus(_dot_)com> writes:

OK, added another `-v' and it just lists the Thawte server as well...

  fetchmail[4584]: starting fetchmail 6.3.1 daemon
  fetchmail[4584]: 6.3.1 querying pop.googlemail.com (protocol POP3) at Wed 
Jan  4 11:47:17 2006: poll started
  fetchmail[4584]: Issuer Organization: Thawte Consulting cc
  fetchmail[4584]: Issuer CommonName: Thawte Premium Server CA
  fetchmail[4584]: Server CommonName: pop.googlemail.com
  fetchmail[4584]: pop.googlemail.com key fingerprint: 
46:8B:6C:F4:3E:4C:56:29:83:54:2C:37:42:F1:67:80
  fetchmail[4584]: 6.3.1 querying pop.googlemail.com (protocol POP3) at Wed 
Jan  4 11:47:18 2006: poll completed
  fetchmail[4584]: Query status=2 (SOCKET)
  fetchmail[4584]: sleeping at Wed Jan  4 11:47:18 2006

Looks like it never talks to the POP server.  Can you drop the "port
995" and "sslcertck" options from your fetchmailrc and see what you
get.

Removed these lines and it works.  Thanks to everyone who helped.

Well, I checked the source code and found no code path where SSL
certificate verification would fail without leaving log messages, such
as 1. the actual error and 2. "SSL connection failed".

POP3 was configured explicitly, so "port 995" forth or back doesn't make
a difference either -- removing this option can only make things worse,
not better.

Remains the question after sslcertck -- it will log trouble, too, EXCEPT
if a certificate at greater depth causes a preverification failure
without setting the error code in the X.509 context variables (and we'd
still get "SSL connection failed" in this case).

It appears as though the server dropped the connection after the SSL
negotiation and before the greeting, or that your log information is
incomplete.  Your logging appears to be from syslog, so could you post
your syslog.conf or syslog-ng.conf (whichever you're *actually* using)?

Do you get more detailed logging with "fetchmail --nosyslog -vv -N -d0
--sslcertck --port 995"? Can you try running this and see if you still
get socket errors and if so, which errors they print?

Thanks in advance,

-- 
Matthias Andree

_______________________________________________
Fetchmail-friends mailing list
Fetchmail-friends(_at_)lists(_dot_)ccil(_dot_)org
http://lists.ccil.org/cgi-bin/mailman/listinfo/fetchmail-friends