[ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1

public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed

* [ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1
@ 2019-08-28 12:53 Corinna Vinschen
  2019-08-29  1:35 ` Eliza
  0 siblings, 1 reply; 8+ messages in thread
From: Corinna Vinschen @ 2019-08-28 12:53 UTC (permalink / raw)
  To: cygwin

The following packages have been uploaded to the Cygwin distribution:

* fetchmail-6.4.0.rc3-1

This is a test release for the upcoming fetchmail 6.4.0.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1
  2019-08-28 12:53 [ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1 Corinna Vinschen
@ 2019-08-29  1:35 ` Eliza
  2019-08-29  1:47   ` René Berber
  0 siblings, 1 reply; 8+ messages in thread
From: Eliza @ 2019-08-29  1:35 UTC (permalink / raw)
  To: cygwin

Corinna,

on 2019/8/28 20:49, Corinna Vinschen wrote:
> The following packages have been uploaded to the Cygwin distribution:
> 
> * fetchmail-6.4.0.rc3-1
> 
> This is a test release for the upcoming fetchmail 6.4.0.

I still got the error:

unable to get local issuer certificate
fetchmail: Broken certification chain at: /C=US/O=DigiCert 
Inc/OU=www.digicert.com/CN=GeoTrust RSA CA 2018
fetchmail: This could mean that the server did not provide the 
intermediate CA's certificate(s), which is nothing fetchmail could do 
anything about.  For details, please see the README.SSL-SERVER document 
that ships with fetchmail.
fetchmail: This could mean that the root CA's signing certificate is not 
in the trusted CA certificate location, or that c_rehash needs to be run 
on the certificate directory. For details, please see the documentation 
of --sslcertpath and --sslcertfile in the manual page.
fetchmail: OpenSSL reported: error:1416F086:SSL 
routines:tls_process_server_certificate:certificate verify failed

Can you help?
Thanks.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1
  2019-08-29  1:35 ` Eliza
@ 2019-08-29  1:47   ` René Berber
  2019-08-29  2:54     ` Eliza
  0 siblings, 1 reply; 8+ messages in thread
From: René Berber @ 2019-08-29  1:47 UTC (permalink / raw)
  To: cygwin

On 8/28/2019 8:15 PM, Eliza wrote:

> I still got the error:
> 
> unable to get local issuer certificate
> fetchmail: Broken certification chain at: /C=US/O=DigiCert
> Inc/OU=www.digicert.com/CN=GeoTrust RSA CA 2018
> fetchmail: This could mean that the server did not provide the
> intermediate CA's certificate(s), which is nothing fetchmail could do
> anything about.Â  For details, please see the README.SSL-SERVER document
> that ships with fetchmail.
> fetchmail: This could mean that the root CA's signing certificate is not
> in the trusted CA certificate location, or that c_rehash needs to be run
> on the certificate directory. For details, please see the documentation
> of --sslcertpath and --sslcertfile in the manual page.
> fetchmail: OpenSSL reported: error:1416F086:SSL
> routines:tls_process_server_certificate:certificate verify failed

You probably have to (re)install (package) ca-certificates.

Or, if you are using your own installed certificate, it may be installed
in the wrong place (i.e. that causes the not found error seen above, its
either not installed, or not in the right place).

HTH
-- 
R.Berber


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1
  2019-08-29  1:47   ` René Berber
@ 2019-08-29  2:54     ` Eliza
  2019-08-29  3:05       ` René Berber
  0 siblings, 1 reply; 8+ messages in thread
From: Eliza @ 2019-08-29  2:54 UTC (permalink / raw)
  To: cygwin

Hello,

on 2019/8/29 9:35, RenÃ© Berber wrote:
> You probably have to (re)install (package) ca-certificates.
> 
> Or, if you are using your own installed certificate, it may be installed
> in the wrong place (i.e. that causes the not found error seen above, its
> either not installed, or not in the right place).

I have re-installed ca-certificates 2.32-1, then reopen the terminal and 
run fetchmail. the error still exists.

Any idea? thanks.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1
  2019-08-29  2:54     ` Eliza
@ 2019-08-29  3:05       ` René Berber
  2019-08-29  4:48         ` Eliza
  0 siblings, 1 reply; 8+ messages in thread
From: René Berber @ 2019-08-29  3:05 UTC (permalink / raw)
  To: cygwin

On 8/28/2019 8:46 PM, Eliza wrote:

> Hello,

Hi,

> on 2019/8/29 9:35, RenÃ© Berber wrote:
>> You probably have to (re)install (package) ca-certificates.
>>
>> Or, if you are using your own installed certificate, it may be installed
>> in the wrong place (i.e. that causes the not found error seen above, its
>> either not installed, or not in the right place).
> 
> I have re-installed ca-certificates 2.32-1, then reopen the terminal and
> run fetchmail. the error still exists.
> 
> Any idea? thanks.

Check the sslcertpath parameter used by fetchmail, see if it points to
the certificates (/etc/pki/tls/certs or /etc/ssl/certs).  Also sslkey if
there is one.

The parameter(s) could/should be in ~/.fetchmailrc .

Your error message said "local issuer certificate".  I'm not sure about
that but it seems to be having problems with the _client_ certificate,
not the server.  Did you install a cert?  Perhaps an identity cert used
by your mailer? Question is, does fetchmail knows were it is (including
any extra certs needed to validate it).

Now the fun part, run:

fetchmail -v

and let's see the detail of what is happening.
-- 
R.Berber

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1
  2019-08-29  3:05       ` René Berber
@ 2019-08-29  4:48         ` Eliza
  2019-08-29 19:20           ` René Berber
  2019-08-29 21:26           ` Andrey Repin
  0 siblings, 2 replies; 8+ messages in thread
From: Eliza @ 2019-08-29  4:48 UTC (permalink / raw)
  To: cygwin

Hello,

on 2019/8/29 10:54, RenÃ© Berber wrote:
> Check the sslcertpath parameter used by fetchmail, see if it points to
> the certificates (/etc/pki/tls/certs or /etc/ssl/certs).  Also sslkey if
> there is one.
> 
> The parameter(s) could/should be in ~/.fetchmailrc .

Yes the certs files are there:

$ ls /etc/pki/tls/certs
ca-bundle.crt  ca-bundle.trust.crt

$ ls /etc/ssl/certs
ca-bundle.crt  ca-bundle.trust.crt

fetchmail -v got the same error at the bottom lines.

  unable to get local issuer certificate
fetchmail: Broken certification chain at: /C=US/O=DigiCert 
Inc/OU=www.digicert.com/CN=GeoTrust RSA CA 2018
fetchmail: This could mean that the server did not provide the 
intermediate CA's certificate(s), which is nothing fetchmail could do 
anything about.  For details, please see the README.SSL-SERVER document 
that ships with fetchmail.
fetchmail: This could mean that the root CA's signing certificate is not 
in the trusted CA certificate location, or that c_rehash needs to be run 
on the certificate directory. For details, please see the documentation 
of --sslcertpath and --sslcertfile in the manual page.
fetchmail: OpenSSL reported: error:1416F086:SSL 
routines:tls_process_server_certificate:certificate verify failed

Thank you.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1
  2019-08-29  4:48         ` Eliza
@ 2019-08-29 19:20           ` René Berber
  2019-08-29 21:26           ` Andrey Repin
  1 sibling, 0 replies; 8+ messages in thread
From: René Berber @ 2019-08-29 19:20 UTC (permalink / raw)
  To: cygwin

On 8/28/2019 10:05 PM, Eliza wrote:

[snip]
> Yes the certs files are there:
> 
> $ ls /etc/pki/tls/certs
> ca-bundle.crtÂ  ca-bundle.trust.crt

Oops! Sorry, that's just the location of links to the real certs.
Better try:

ls -al /etc/pki/ca-trust/extracted/{pem,openssl}

In .fetchmailrc, is there any parameter specifying this location, or is
using all defaults (i.e. no parameters starting with ssl)?
-- 
R.Berber

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1
  2019-08-29  4:48         ` Eliza
  2019-08-29 19:20           ` René Berber
@ 2019-08-29 21:26           ` Andrey Repin
  1 sibling, 0 replies; 8+ messages in thread
From: Andrey Repin @ 2019-08-29 21:26 UTC (permalink / raw)
  To: Eliza, cygwin

Greetings, Eliza!

> fetchmail -v got the same error at the bottom lines.

>   unable to get local issuer certificate
> fetchmail: Broken certification chain at: /C=US/O=DigiCert 
> Inc/OU=www.digicert.com/CN=GeoTrust RSA CA 2018
> fetchmail: This could mean that the server did not provide the 
> intermediate CA's certificate(s), which is nothing fetchmail could do 
> anything about.  For details, please see the README.SSL-SERVER document 
> that ships with fetchmail.
> fetchmail: This could mean that the root CA's signing certificate is not 
> in the trusted CA certificate location, or that c_rehash needs to be run 
> on the certificate directory. For details, please see the documentation 
> of --sslcertpath and --sslcertfile in the manual page.
> fetchmail: OpenSSL reported: error:1416F086:SSL 
> routines:tls_process_server_certificate:certificate verify failed

Point --sslcertfile to /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt


-- 
With best regards,
Andrey Repin
Thursday, August 29, 2019 23:40:57

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2019-08-29 20:50 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-28 12:53 [ANNOUNCEMENT] TEST: fetchmail 6.4.0.rc3-1 Corinna Vinschen
2019-08-29  1:35 ` Eliza
2019-08-29  1:47   ` René Berber
2019-08-29  2:54     ` Eliza
2019-08-29  3:05       ` René Berber
2019-08-29  4:48         ` Eliza
2019-08-29 19:20           ` René Berber
2019-08-29 21:26           ` Andrey Repin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).