[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[nmh-workers] fetchmail and SNI (and pop.gmail.com)
|
From: |
Michael Richardson |
|
Subject: |
[nmh-workers] fetchmail and SNI (and pop.gmail.com) |
|
Date: |
Thu, 27 Jun 2019 10:10:06 -0400 |
I have used:
fetchmail --verbose --sslcertpath="/etc/ssl/certs" --sslcertck --proto POP3
--mda "rcvstore -sequence gmail +inbox" --logfile /var/tmp/gmail.log
pop.gmail.com
to get my gmail downloaded for some time now.
It seems that fetchmail doesn't enable SNI for it's TLS connection, and I
don't see any new versions of fetchmail in years. It looks like
pop.gmail.com wants SNI:
fetchmail: Trying to connect to 2607:f8b0:4001:c16::6c/995...connected.
fetchmail: Server certificate:
fetchmail: Unknown Organization
fetchmail: Issuer CommonName: invalid2.invalid
fetchmail: Subject CommonName: invalid2.invalid
fetchmail: Server CommonName mismatch: invalid2.invalid != pop.gmail.com
fetchmail: pop.gmail.com key fingerprint:
90:4A:C8:D5:44:5A:D0:6A:8A:10:FF:CD:8B:11:BE:16
fetchmail: Server certificate verification error: self signed certificate
fetchmail: Missing trust anchor certificate: /OU=No SNI provided; please fix
your client./CN=invalid2.invalid
[nice hack to send a message back to the user Google...]
I don't think that inc has any TLS support.
(kerberos support, yes)
Maybe there are other ways to skin this cat?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] address@hidden http://www.sandelman.ca/ | ruby on rails [
signature.asc
Description: PGP signature