[sylpheed:30701] Re: self-signed certificate for pop3s/smtps

Ricardo Nabinger Sanchez rnsanchez at wait4.org
Tue Jan 9 22:15:05 JST 2007 

On Tue, 9 Jan 2007 13:24:06 +0900
Hiroyuki Yamamoto <hiro-y at kcn.ne.jp> wrote:

> Run sylpheed with --debug option, and check the debug message.

ssl_init(): certs dir /home/rnsanchez/.sylpheed-2.0/certs found.
looking for /home/rnsanchez/.sylpheed-2.0/ca-certificates.crt
looking for /home/rnsanchez/.sylpheed-2.0/ca-bundle.crt
looking for /home/rnsanchez/.sylpheed-2.0/certs.crt
looking for /home/rnsanchez/.sylpheed-2.0/certs/ca-certificates.crt
looking for /home/rnsanchez/.sylpheed-2.0/certs/ca-bundle.crt
looking for /home/rnsanchez/.sylpheed-2.0/certs/certs.crt
ssl_init(): certs file /home/rnsanchez/.sylpheed-2.0/certs/certs.crt found.
SSLv23 available
TLSv1 available
...
getting new messages of account Wait4...
LibSylph-Message: Connecting to POP3 server: mail.wait4.org...

Reloading /etc/resolv.conf
SSL connection using RC4-MD5
Server certificate:
  Subject: /C=US/ST=CA/L=Los Angeles/O=DreamHost Web Hosting/OU=DreamHost Security/CN=xxx at xxx.xxx/emailAddress=xxx at xxx.xxx
  Issuer: /C=US/ST=CA/L=Los Angeles/O=DreamHost Web Hosting/OU=DreamHost Security/CN=xxx at xxx.xxx/emailAddress=xxx at xxx.xxx
SSL verify OK
...
getting new messages of account GMail...
LibSylph-Message: Connecting to POP3 server: pop.gmail.com...

SSL connection using DES-CBC3-SHA
Server certificate:
  Subject: /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
  Issuer: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

(sylpheed:884): LibSylph-WARNING **: pop.gmail.com: SSL certificate verify failed (20: unable to get local issuer certificate)

[here I click OK]
Temporarily accept SSL certificate of pop.gmail.com
...

Note that I indeed have the Equifax cert in my ca-root.crt:

Certificate Ingredients:
    Data:
        Version: 3 (0x2)
        Serial Number: 903804111 (0x35def4cf)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
        Validity
            Not Before: Aug 22 16:41:51 1998 GMT
            Not After : Aug 22 16:41:51 2018 GMT
        Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
	...


Any further tips?  :)

Thanks in advance.

-- 
Ricardo Nabinger Sanchez     <rnsanchez@{gmail.com,wait4.org}>
Powered by FreeBSD

  "Left to themselves, things tend to go from bad to worse."

More information about the Sylpheed mailing list