[sylpheed:30651] Re: Sylpheed 2.3.0 released

Milan Holzäpfel lists at mjh.name
Fri Dec 29 20:58:37 JST 2006


On Wed, 27 Dec 2006 18:57:20 +0200
Onur Küçük <onur at delipenguen.net> wrote:

> I am also having trouble with this dialog especially on self-signed
> servers that I know the certificate of. I prefer that sylpheed
> remember what "might be broken cert" I accepted and not ask me again.

At the moment, I think you need to provide Sylpheed with self-signed
certificates you want to use.  You can do that by placing them into
~/sylpheed-2.0/certs.crt.  "sylpheed --debug" shows me sth like:

| jag at bombax ~ $ sylpheed --debug
| ssl_init(): certs dir /home/jag/.sylpheed-2.0/certs found.
| looking for /home/jag/.sylpheed-2.0/ca-certificates.crt
| looking for /home/jag/.sylpheed-2.0/ca-bundle.crt
| looking for /home/jag/.sylpheed-2.0/certs.crt
| ssl_init(): certs file /home/jag/.sylpheed-2.0/certs.crt found.

iirc it didn't use the files in  ~/.sylpheed-2.0/certs though (files
named .pem. Maybe Sylpheed looks for .crt?).
The contents of your certs.crt can look like:

| -----BEGIN CERTIFICATE-----
| MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
| [...]
| omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
| -----END CERTIFICATE-----
| -----BEGIN CERTIFICATE-----
| MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
| [...]
| 0m6lG5kngOcLqagA
| -----END CERTIFICATE-----

You could fetch the needed certificates with a command like this,
assuming that your ISP is providing IMAP4 via SSL or POP3 via SSL (and
not only IMAP4 or POP3 with STARTTLS, which could be called the
preferred way).  Cancel the connection with Ctrl+C after the
information is displayed.

| openssl s_client -host imap.jagdfalke.net -port 993 -showcerts
| openssl s_client -host pop3.jagdfalke.net -port 995 -showcerts

It would be somewhat more sensible to get the certificate from the
website of your ISP though.

HTH
Milan


--
Milan Holzaepfel <mail(a)mjh(d)name>             <URL:http://mjh.name/>
pub  4096R/C790FC23  EB8E 5E81 81E3 53A9 9B74  B895 5179 54C0 C790 FC23

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
Url : http://www.sraoss.jp/pipermail/sylpheed/attachments/20061229/8d18bfcd/attachment.bin 


More information about the Sylpheed mailing list