fetchmail-friends
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[fetchmail]Re: [fetchmail-users] SSL authentication problems with Gmail

2006-01-04 17:00:15
from [Matthias Andree] [Permanent Link] 
Sebastian Tennant <sebyte(_at_)smolny(_dot_)plus(_dot_)com> writes:


Doh!  Just when you think you've wrapped something up...

I didn't attach the init script did I?  I attached my fetchmailrc,
including my password!

I've changed the password, and there were no other account details
included, so no harm done... luckily!

Take two.  Init script attached.


OK, that, and the relevant syslog except allow me to write a concluding
report, Sebastian's problems are completely solved.

1. grabbing the certificate from the server dialogue failed; although
   c_rehash had worked properly, it was the wrong certificate
   apparently. ("unable to get local issuer certificate")

   There are certainly people with a deeper understanding of the SSL
   certification process that can explain this better than I can.

2. Debian's ca-certificates package has the Thawte root certificate in
   the default place, this proved sufficient to verify Google's
   certificate (which is signed by Thawte) in fetchmail 6.3.1 even with
   --sslcertck (which I recommend to use, as it's safer).

   NOTE: older fetchmail versions fail to set the SSL default
   certificate path, you must set "--sslcertpath /etc/ssl/certs"
   manually (or whichever the path is; you can also specify this in the
   fetchmailrc file.).

3. Debian's init script diverts logging to syslog by default, and the
   reporter's syslog.conf split error messages out to a separate file,
   where they went unnoticed.
   
   I therefore take the right to advise against using the "=" and "!"
   operators in syslog.conf. "mail.info" is the correct left-hand-side
   to use in syslog.conf for fetchmail 6.2.5.X and 6.3.X.

4. Debian's init script supports an operation "debug-run", which avoids
   syslog, and logs everything on the console in verbose mode. This
   appears to be a simple way to procure all necessary debug information
   on Debian systems.

Happy fetchmailing,

-- 
Matthias Andree

_______________________________________________
Fetchmail-friends mailing list
Fetchmail-friends(_at_)lists(_dot_)ccil(_dot_)org
http://lists.ccil.org/cgi-bin/mailman/listinfo/fetchmail-friends
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [fetchmail]fetchmail 6.3.0 contained incompatible idfile change, Matthias Andree
Next by Date:  Re: [fetchmail]comcast.net and attachments - workaround, Matthias Andree
Previous by Thread:  [fetchmail]Re: [fetchmail-users] SSL authentication problems with Gmail, Sebastian Tennant
Next by Thread:  [fetchmail]Header Problem., rahul
Indexes:  [Date] [Thread] [Top] [All Lists]