nmh-workers
[Top] [All Lists]

[nmh-workers] fetchmail and SNI (and pop.gmail.com)

2019-06-27 09:10:28

I have used:

   fetchmail --verbose --sslcertpath="/etc/ssl/certs" --sslcertck --proto POP3 
--mda "rcvstore -sequence gmail +inbox" --logfile /var/tmp/gmail.log 
pop.gmail.com

to get my gmail downloaded for some time now.
It seems that fetchmail doesn't enable SNI for it's TLS connection, and I
don't see any new versions of fetchmail in years.  It looks like
pop.gmail.com wants SNI:

fetchmail: Trying to connect to 2607:f8b0:4001:c16::6c/995...connected.
fetchmail: Server certificate:
fetchmail: Unknown Organization
fetchmail: Issuer CommonName: invalid2.invalid
fetchmail: Subject CommonName: invalid2.invalid
fetchmail: Server CommonName mismatch: invalid2.invalid != pop.gmail.com
fetchmail: pop.gmail.com key fingerprint: 
90:4A:C8:D5:44:5A:D0:6A:8A:10:FF:CD:8B:11:BE:16
fetchmail: Server certificate verification error: self signed certificate
fetchmail: Missing trust anchor certificate: /OU=No SNI provided; please fix 
your client./CN=invalid2.invalid

[nice hack to send a message back to the user Google...]

I don't think that inc has any TLS support.
(kerberos support, yes)

Maybe there are other ways to skin this cat?

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

Attachment: signature.asc
Description: PGP signature

-- 
nmh-workers
https://lists.nongnu.org/mailman/listinfo/nmh-workers
<Prev in Thread] Current Thread [Next in Thread>