[sylpheed:30662] Re: Sylpheed 2.3.0 released
Moritz Heiber
moe at lunar-linux.org
Sun Dec 31 22:53:34 JST 2006
Hi Milan,
are you sure this is working? I just tried it and although sylpheed
finds the certification file (certs.crt) it still complains about their
invalidity. I used the method you described below (openssl s_client ..).
Any pointers?
Regards,
Moritz
On Fri, 29 Dec 2006 12:58:37 +0100
Milan Holzäpfel <lists at mjh.name> wrote:
> On Wed, 27 Dec 2006 18:57:20 +0200
> Onur Küçük <onur at delipenguen.net> wrote:
>
> > I am also having trouble with this dialog especially on self-signed
> > servers that I know the certificate of. I prefer that sylpheed
> > remember what "might be broken cert" I accepted and not ask me
> > again.
>
> At the moment, I think you need to provide Sylpheed with self-signed
> certificates you want to use. You can do that by placing them into
> ~/sylpheed-2.0/certs.crt. "sylpheed --debug" shows me sth like:
>
> | jag at bombax ~ $ sylpheed --debug
> | ssl_init(): certs dir /home/jag/.sylpheed-2.0/certs found.
> | looking for /home/jag/.sylpheed-2.0/ca-certificates.crt
> | looking for /home/jag/.sylpheed-2.0/ca-bundle.crt
> | looking for /home/jag/.sylpheed-2.0/certs.crt
> | ssl_init(): certs file /home/jag/.sylpheed-2.0/certs.crt found.
>
> iirc it didn't use the files in ~/.sylpheed-2.0/certs though (files
> named .pem. Maybe Sylpheed looks for .crt?).
> The contents of your certs.crt can look like:
>
> | -----BEGIN CERTIFICATE-----
> | MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
> | [...]
> | omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
> | -----END CERTIFICATE-----
> | -----BEGIN CERTIFICATE-----
> | MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
> | [...]
> | 0m6lG5kngOcLqagA
> | -----END CERTIFICATE-----
>
> You could fetch the needed certificates with a command like this,
> assuming that your ISP is providing IMAP4 via SSL or POP3 via SSL (and
> not only IMAP4 or POP3 with STARTTLS, which could be called the
> preferred way). Cancel the connection with Ctrl+C after the
> information is displayed.
>
> | openssl s_client -host imap.jagdfalke.net -port 993 -showcerts
> | openssl s_client -host pop3.jagdfalke.net -port 995 -showcerts
>
> It would be somewhat more sensible to get the certificate from the
> website of your ISP though.
>
> HTH
> Milan
>
>
> --
> Milan Holzaepfel <mail(a)mjh(d)name> <URL:http://mjh.name/
> > pub 4096R/C790FC23 EB8E 5E81 81E3 53A9 9B74 B895 5179 54C0 C790
> > FC23
>
>
More information about the Sylpheed
mailing list