Latest LQ Deal: Linux Power User Bundle
Go Back > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Slackware This Forum is for the discussion of Slackware Linux.


  Search this Thread
Old 09-13-2018, 04:56 PM   #1
Registered: Aug 2010
Posts: 325

Rep: Reputation: 141Reputation: 141
openssl-1.1.1 upgrade breaks fetchmail with gmail

Yesterday's upgrade of openssl-1.1.0i to openssl-1.1.1 has broken my fetchmail downloads from I have reverted to openssl-1.1.0i and it works fine again.

The gmail stanza in .fetchmailrc is as follows:

poll with proto pop3 port 995
    auth password
    user 'username' with password 'password' mda "/usr/bin/procmail" ssl sslproto ssl23 sslcertck
The errors I get with openssl-1.1.1 are:

fetchmail: Server CommonName mismatch: invalid2.invalid !=
fetchmail: Server certificate verification error: self signed certificate
fetchmail: Missing trust anchor certificate: /OU=No SNI provided; please fix your client./CN=invalid2.invalid
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page.
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: SSL connection failed.
Presumably openssl-1.1.1 has changed something as regards certificate validation. Any ideas about how to fix this?
Old 09-13-2018, 05:21 PM   #2
Registered: Aug 2010
Posts: 325

Original Poster
Rep: Reputation: 141Reputation: 141
Ah, it works if I change the sslproto specified in .fetchmailrc to tls1 instead of ssl23. Presumably openssl-1.1.1 is being stricter.
3 members found this post helpful.
Old 09-14-2018, 12:39 AM   #3
Registered: Oct 2007
Distribution: Slackware
Posts: 939

Rep: Reputation: 215Reputation: 215Reputation: 215
Originally Posted by chrisVV View Post
Ah, it works if I change the sslproto specified in .fetchmailrc to tls1 instead of ssl23. Presumably openssl-1.1.1 is being stricter.
Thanks Chris, this fixed the identical issue on my own fetchmail / gmail setup!


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
fetchmail+gmail+fax atux_null Linux - Server 2 02-15-2016 10:08 AM
OpenSSL and Gmail jokar.mohsen Linux - Security 4 06-12-2014 10:35 AM
[SOLVED] fetchmail and gmail repo Linux - General 1 03-29-2011 10:04 AM
openssl upgrade breaks proftpd Rupa Slackware 10 03-15-2010 03:57 PM
Fetchmail with Gmail RySk8er30 Linux - Software 1 04-16-2005 03:37 PM > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 08:40 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration