[ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1

[ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1

[Corinna Vinschen]

The following packages have been uploaded to the Cygwin distribution:

* fetchmail-6.4.0.rc3-1

This is a test release for the upcoming fetchmail 6.4.0.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: [ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1

[Eliza]

Corinna,

on 2019/8/28 20:49, Corinna Vinschen wrote:
> The following packages have been uploaded to the Cygwin distribution:
> 
> * fetchmail-6.4.0.rc3-1
> 
> This is a test release for the upcoming fetchmail 6.4.0.

I still got the error:

unable to get local issuer certificate
fetchmail: Broken certification chain at: /C=US/O=DigiCert 
Inc/OU=www.digicert.com/CN=GeoTrust RSA CA 2018
fetchmail: This could mean that the server did not provide the 
intermediate CA's certificate(s), which is nothing fetchmail could do 
anything about.  For details, please see the README.SSL-SERVER document 
that ships with fetchmail.
fetchmail: This could mean that the root CA's signing certificate is not 
in the trusted CA certificate location, or that c_rehash needs to be run 
on the certificate directory. For details, please see the documentation 
of --sslcertpath and --sslcertfile in the manual page.
fetchmail: OpenSSL reported: error:1416F086:SSL 
routines:tls_process_server_certificate:certificate verify failed


Can you help?
Thanks.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: [ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1

[René Berber]

On 8/28/2019 8:15 PM, Eliza wrote:

> I still got the error:
> 
> unable to get local issuer certificate
> fetchmail: Broken certification chain at: /C=US/O=DigiCert
> Inc/OU=www.digicert.com/CN=GeoTrust RSA CA 2018
> fetchmail: This could mean that the server did not provide the
> intermediate CA's certificate(s), which is nothing fetchmail could do
> anything about.  For details, please see the README.SSL-SERVER document
> that ships with fetchmail.
> fetchmail: This could mean that the root CA's signing certificate is not
> in the trusted CA certificate location, or that c_rehash needs to be run
> on the certificate directory. For details, please see the documentation
> of --sslcertpath and --sslcertfile in the manual page.
> fetchmail: OpenSSL reported: error:1416F086:SSL
> routines:tls_process_server_certificate:certificate verify failed

You probably have to (re)install (package) ca-certificates.

Or, if you are using your own installed certificate, it may be installed
in the wrong place (i.e. that causes the not found error seen above, its
either not installed, or not in the right place).

HTH
-- 
R.Berber


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: [ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1

[Eliza]

Hello,

on 2019/8/29 9:35, René Berber wrote:
> You probably have to (re)install (package) ca-certificates.
> 
> Or, if you are using your own installed certificate, it may be installed
> in the wrong place (i.e. that causes the not found error seen above, its
> either not installed, or not in the right place).

I have re-installed ca-certificates 2.32-1, then reopen the terminal and 
run fetchmail. the error still exists.

Any idea? thanks.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: [ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1

[René Berber]

On 8/28/2019 8:46 PM, Eliza wrote:

> Hello,

Hi,

> on 2019/8/29 9:35, René Berber wrote:
>> You probably have to (re)install (package) ca-certificates.
>>
>> Or, if you are using your own installed certificate, it may be installed
>> in the wrong place (i.e. that causes the not found error seen above, its
>> either not installed, or not in the right place).
> 
> I have re-installed ca-certificates 2.32-1, then reopen the terminal and
> run fetchmail. the error still exists.
> 
> Any idea? thanks.

Check the sslcertpath parameter used by fetchmail, see if it points to
the certificates (/etc/pki/tls/certs or /etc/ssl/certs).  Also sslkey if
there is one.

The parameter(s) could/should be in ~/.fetchmailrc .

Your error message said "local issuer certificate".  I'm not sure about
that but it seems to be having problems with the _client_ certificate,
not the server.  Did you install a cert?  Perhaps an identity cert used
by your mailer? Question is, does fetchmail knows were it is (including
any extra certs needed to validate it).

Now the fun part, run:

fetchmail -v

and let's see the detail of what is happening.
-- 
R.Berber

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: [ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1

[Eliza]

Hello,

on 2019/8/29 10:54, René Berber wrote:
> Check the sslcertpath parameter used by fetchmail, see if it points to
> the certificates (/etc/pki/tls/certs or /etc/ssl/certs).  Also sslkey if
> there is one.
> 
> The parameter(s) could/should be in ~/.fetchmailrc .

Yes the certs files are there:

$ ls /etc/pki/tls/certs
ca-bundle.crt  ca-bundle.trust.crt


$ ls /etc/ssl/certs
ca-bundle.crt  ca-bundle.trust.crt


fetchmail -v got the same error at the bottom lines.

  unable to get local issuer certificate
fetchmail: Broken certification chain at: /C=US/O=DigiCert 
Inc/OU=www.digicert.com/CN=GeoTrust RSA CA 2018
fetchmail: This could mean that the server did not provide the 
intermediate CA's certificate(s), which is nothing fetchmail could do 
anything about.  For details, please see the README.SSL-SERVER document 
that ships with fetchmail.
fetchmail: This could mean that the root CA's signing certificate is not 
in the trusted CA certificate location, or that c_rehash needs to be run 
on the certificate directory. For details, please see the documentation 
of --sslcertpath and --sslcertfile in the manual page.
fetchmail: OpenSSL reported: error:1416F086:SSL 
routines:tls_process_server_certificate:certificate verify failed


Thank you.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: [ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1

[René Berber]

On 8/28/2019 10:05 PM, Eliza wrote:

[snip]
> Yes the certs files are there:
> 
> $ ls /etc/pki/tls/certs
> ca-bundle.crt  ca-bundle.trust.crt

Oops! Sorry, that's just the location of links to the real certs.
Better try:

ls -al /etc/pki/ca-trust/extracted/{pem,openssl}

In .fetchmailrc, is there any parameter specifying this location, or is
using all defaults (i.e. no parameters starting with ssl)?
-- 
R.Berber

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: [ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1

[Andrey Repin]

Greetings, Eliza!

> fetchmail -v got the same error at the bottom lines.

>   unable to get local issuer certificate
> fetchmail: Broken certification chain at: /C=US/O=DigiCert 
> Inc/OU=www.digicert.com/CN=GeoTrust RSA CA 2018
> fetchmail: This could mean that the server did not provide the 
> intermediate CA's certificate(s), which is nothing fetchmail could do 
> anything about.  For details, please see the README.SSL-SERVER document 
> that ships with fetchmail.
> fetchmail: This could mean that the root CA's signing certificate is not 
> in the trusted CA certificate location, or that c_rehash needs to be run 
> on the certificate directory. For details, please see the documentation 
> of --sslcertpath and --sslcertfile in the manual page.
> fetchmail: OpenSSL reported: error:1416F086:SSL 
> routines:tls_process_server_certificate:certificate verify failed

Point --sslcertfile to /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt


-- 
With best regards,
Andrey Repin
Thursday, August 29, 2019 23:40:57

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple