LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 09-18-2014, 03:15 AM   #1
RandomTroll
Senior Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 2,062

Rep: Reputation: 273Reputation: 273Reputation: 273
gmail keeps switching its ssl fingerprint


I fetch mail from my gmail account with fetchmail. A few days ago I started getting:

Quote:
fetchmail: pop.gmail.com fingerprints do not match!
3074012860:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:1180:
fetchmail: SSL connection failed.
fetchmail: socket error while fetching from RandomTroll-08-098-098-8adsf@pop.gmail.com
fetchmail: Query status=2 (SOCKET)
I wrote a script to fetch a new certificate and generate its fingerprint. It changes between 2 different numbers, first one, then the other, multiple times a day, sometimes within minutes. So I just comment out the one that isn't working and uncomment the other one in .fetchmailrc.

The odd thing, to me, is that I discard the certificate I get: I don't need it, just the fingerprint. I generate the fingerprint from the certificate - isn't it unique? Or is the certificate unnecessary? I point fetchmail to a certificate. I updated it, but that made no difference.

(RandomTroll is not my gmail account.)
 
Old 09-18-2014, 04:30 AM   #2
SAbhi
Member
 
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 665

Rep: Reputation: Disabled
below can help:

https://productforums.google.com/for...il/tqjOmqxpMKY
 
Old 09-18-2014, 02:58 PM   #3
RandomTroll
Senior Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 2,062

Original Poster
Rep: Reputation: 273Reputation: 273Reputation: 273
I read this before I asked here. I just read it again. I don't interpret it as having solved the problem. Perhaps I missed something.

I also asked a different question: how can I change the fingerprint but not the certificate and have it work? I generate the fingerprint from the certificate but I don't have to change the certificate to use a different fingerprint. I thought they had to match.
 
Old 09-19-2014, 12:02 AM   #4
SAbhi
Member
 
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 665

Rep: Reputation: Disabled
You can try re-keying your certificate, that would change its fingerprints.
 
Old 09-19-2014, 03:25 AM   #5
RandomTroll
Senior Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 2,062

Original Poster
Rep: Reputation: 273Reputation: 273Reputation: 273
Quote:
Originally Posted by SAbhi View Post
You can try re-keying your certificate, that would change its fingerprints.
I know certificates expire and I wait until they do before replacing them, so the first thing I did when I got this error was create and use a new certificate. That made no difference.

I have to switch fingerprints; I *don't* have to switch certificates. I have to create a certificate to calculate a fingerprint, but I don't have to use the certificate from which I created the fingerprint to make gmail happy. That's what I don't understand. I thought fetchmail had to use the certificate I created with its matching fingerprint, but both fingerprints work with the same certificate.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
fingerprint match against collection of previos fingerprint mukesh.methaniya Linux - Software 1 04-18-2023 06:51 PM
[SOLVED] Nginx as SSL Proxy for Weblogic Server and switching ports. mosiac Linux - Desktop 5 07-24-2013 10:57 AM
Prob. with gmail It's that time of day. Gmail aims to help you in many ways..." frenchn00b General 1 04-10-2009 05:27 PM
SUSE Open 10.3. Gmail. PITA. (If you don't have Gmail, you will not understand) Lola Kews SUSE / openSUSE 6 03-19-2008 08:43 AM
LXer: Import mail into Gmail with the Gmail Loader LXer Syndicated Linux News 0 03-19-2007 07:01 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 06:55 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration