LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 09-13-2018, 04:56 PM   #1
chrisVV
Member
 
Registered: Aug 2010
Posts: 322

Rep: Reputation: 139Reputation: 139
openssl-1.1.1 upgrade breaks fetchmail with gmail


Yesterday's upgrade of openssl-1.1.0i to openssl-1.1.1 has broken my fetchmail downloads from pop.gmail.com. I have reverted to openssl-1.1.0i and it works fine again.

The gmail stanza in .fetchmailrc is as follows:

Code:
poll pop.gmail.com with proto pop3 port 995
    auth password
    user 'username' with password 'password' mda "/usr/bin/procmail" ssl sslproto ssl23 sslcertck
The errors I get with openssl-1.1.1 are:

Code:
fetchmail: Server CommonName mismatch: invalid2.invalid != pop.gmail.com
fetchmail: Server certificate verification error: self signed certificate
fetchmail: Missing trust anchor certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page.
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: SSL connection failed.
Presumably openssl-1.1.1 has changed something as regards certificate validation. Any ideas about how to fix this?
 
Old 09-13-2018, 05:21 PM   #2
chrisVV
Member
 
Registered: Aug 2010
Posts: 322

Original Poster
Rep: Reputation: 139Reputation: 139
Ah, it works if I change the sslproto specified in .fetchmailrc to tls1 instead of ssl23. Presumably openssl-1.1.1 is being stricter.
 
3 members found this post helpful.
Old 09-14-2018, 12:39 AM   #3
andrew.46
Member
 
Registered: Oct 2007
Distribution: Slackware
Posts: 914

Rep: Reputation: 204Reputation: 204Reputation: 204
Quote:
Originally Posted by chrisVV View Post
Ah, it works if I change the sslproto specified in .fetchmailrc to tls1 instead of ssl23. Presumably openssl-1.1.1 is being stricter.
Thanks Chris, this fixed the identical issue on my own fetchmail / gmail setup!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
fetchmail+gmail+fax atux_null Linux - Server 2 02-15-2016 10:08 AM
OpenSSL and Gmail jokar.mohsen Linux - Security 4 06-12-2014 10:35 AM
[SOLVED] fetchmail and gmail repo Linux - General 1 03-29-2011 10:04 AM
openssl upgrade breaks proftpd Rupa Slackware 10 03-15-2010 03:57 PM
Fetchmail with Gmail RySk8er30 Linux - Software 1 04-16-2005 03:37 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 03:23 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration