[sylpheed:36530] Re: Sylpheed Digest, Vol 122, Issue 7

John Angelico jatalldad at gmail.com
Mon Mar 6 15:22:22 JST 2017 

I have confirmed with my ISP (geek son who runs our server but has shifted
to remote hosting instead of in-house hosting) that certificates are not
the source of the problem.

Best Regards
John Angelico


On 28 February 2017 at 14:00, <sylpheed-request at sraoss.jp> wrote:

>
>
> Today's Topics:
>
>    1. [sylpheed:36518] Re: IMAP4 & STARTTLS (Rich Coe)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 27 Feb 2017 08:20:30 -0600
> From: Rich Coe <rcoe at wi.rr.com>
> To: sylpheed at sraoss.jp
> Subject: [sylpheed:36518] Re: IMAP4 & STARTTLS
> Message-ID: <20170227082030.f7a8405c15dbe2d7dfc76025 at wi.rr.com>
> Content-Type: text/plain; charset=US-ASCII
>
> On Mon, 27 Feb 2017 12:54:18 +1100
> John Angelico <jatalldad at gmail.com> wrote:
> > My server has increased security by invoking SSL, using STARTTLS.
> >
> > However, I cannot get Sylpheed 3.5.0 beta1 build 1161 on Linux
> > 3.16.0-4-amd64 (x86_64) Debian Jessie to make a server connection.
> >
> > Also today Melbourne Australia time we built and tested 3.5.1 but got the
> > same error - Could not establish a connection to the server
> >
> > Do  I need to supply any further data?
> >
> > Has anyone else reported difficulties with STARTTLS?
> >
> > Where to next?
>
> The worst problem I've had with TLS in general is getting the certificate
> used by the server to be accepted by the client.  I'm just guessing that
> it might be the problem.
>
> Is there a client side certificate you had to install from your provider?
> If there was, did you use 'openssl verify' to make sure your client can
> validate the server cert?  If the chain of trust for the cert cannot be
> verified, ssl is going to reject the connection.  You may have to install
> certs into your linux box (they are usually installed by default) from the
> provider that signed the server cert.
>
> If it's a self signed cert, you will have to install it.  I believe
> Sylpheed
> let's you install a self signed cert.  It's been a number of years since
> I've had to do it, and Sylpheed at the moment won't let me open
> 'Configuration' while composing.
>
> I would run 'sylpheed --debug > out.1' to capture what sylpheed is doing
> when trying to download email.
>
> These are my notes for dealing with certs.  They came from the internet
> after sifting through helpful web-pages.
>
> >>>> Here's what I did to manually install a intermediate cert that I did
> >>>> not have in order to verify a server side cert.
>     # the url came from the cert that was signed by a remote server
>     wget https://www.digicert.com/CACerts/DigiCertHighAssuranceEVCA-1.crt
>     openssl x509 -in DigiCertHighAssuranceEVCA-1.crt -inform DEM \
>         -out DigiCertHighAssuranceEVCA-1.pem -outform PEM
>     openssl verify -verbose -CApath /etc/ssl/certs DigiCert.pem
>     openssl x509 -noout -hash -in DigiCert.pem
>     cp DigiCert.pem /var/lib/ca-certificates/pem/
>     ln -s /var/lib/ca-certificates/DigiCert.pm /etc/ssl/certs/
>     ln -s /etc/ssl/certs/DigiCert.pem `hash`.0
>
> >>>> Here's what I did to view a cert
>     openssl x509 -noout -text -in DigiCert.pem
>
> >>>> Here's what I did look at the dates in a cert
>     # sometimes a cert is expired
>     openssl x509 -noout -issuer -subject -dates -in DigiCert.pem
>
>
> Rich
> --
> Rich Coe     rcoe at wi.rr.com
>
>
> ------------------------------
>
> _______________________________________________
> Sylpheed mailing list
> Sylpheed at sraoss.jp
> http://www.sraoss.jp/mailman/listinfo/sylpheed
>
>
> End of Sylpheed Digest, Vol 122, Issue 7
> ****************************************
>

More information about the Sylpheed mailing list