LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 09-13-2018, 03:56 PM   #1
chrisVV
Member
 
Registered: Aug 2010
Posts: 534

Rep: Reputation: 362Reputation: 362Reputation: 362Reputation: 362
openssl-1.1.1 upgrade breaks fetchmail with gmail


Yesterday's upgrade of openssl-1.1.0i to openssl-1.1.1 has broken my fetchmail downloads from pop.gmail.com. I have reverted to openssl-1.1.0i and it works fine again.

The gmail stanza in .fetchmailrc is as follows:

Code:
poll pop.gmail.com with proto pop3 port 995
    auth password
    user 'username' with password 'password' mda "/usr/bin/procmail" ssl sslproto ssl23 sslcertck
The errors I get with openssl-1.1.1 are:

Code:
fetchmail: Server CommonName mismatch: invalid2.invalid != pop.gmail.com
fetchmail: Server certificate verification error: self signed certificate
fetchmail: Missing trust anchor certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page.
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: SSL connection failed.
Presumably openssl-1.1.1 has changed something as regards certificate validation. Any ideas about how to fix this?
 
Old 09-13-2018, 04:21 PM   #2
chrisVV
Member
 
Registered: Aug 2010
Posts: 534

Original Poster
Rep: Reputation: 362Reputation: 362Reputation: 362Reputation: 362
Ah, it works if I change the sslproto specified in .fetchmailrc to tls1 instead of ssl23. Presumably openssl-1.1.1 is being stricter.
 
3 members found this post helpful.
Old 09-13-2018, 11:39 PM   #3
andrew.46
Senior Member
 
Registered: Oct 2007
Distribution: Slackware
Posts: 1,327

Rep: Reputation: 480Reputation: 480Reputation: 480Reputation: 480Reputation: 480
Quote:
Originally Posted by chrisVV View Post
Ah, it works if I change the sslproto specified in .fetchmailrc to tls1 instead of ssl23. Presumably openssl-1.1.1 is being stricter.
Thanks Chris, this fixed the identical issue on my own fetchmail / gmail setup!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
fetchmail+gmail+fax atux_null Linux - Server 2 02-15-2016 09:08 AM
OpenSSL and Gmail jokar.mohsen Linux - Security 4 06-12-2014 09:35 AM
[SOLVED] fetchmail and gmail repo Linux - General 1 03-29-2011 09:04 AM
openssl upgrade breaks proftpd Rupa Slackware 10 03-15-2010 02:57 PM
Fetchmail with Gmail RySk8er30 Linux - Software 1 04-16-2005 02:37 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 10:40 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration