On Fri, Jun 15, 2007 at 03:54:11PM -0400, Penguin Lover Willie Wong squawked:
> But thanks to that, I got on the right direction: turns out that my
> department switched from using a self-signed certificate to using one
> from IPSCA, so I've been barking up the wrong tree when trying to
> solve the problem. The link that I gave was, apparent to me now, old,
> and so importing that cert had no impact. I went and imported the
> IPSCA root cert and now all's good. 

What's up with openssl and ca-certificates? 

Trying to connect to my school's imap server, I get

  openssl s_client -connect imap.math.princeton.edu:993 
<snip>
  Verify return code: 19 (self signed certificate in certificate chain)

But if I issue 

  openssl s_client -connect imap.math.princeton.edu:993 -CApath /etc/ssl/certs/
<snip>
  Verify return code: 0 (ok)

It seems that the openssl s_client doesn't know about the default
certs in /etc/ssl/certs (The one in question is IPSCA's root
certificate, which is included in the ca-certificates package).

I think this is also the root of my problem with fetchmail: I had to
include explicitly in .fetchmailrc the line 'sslcertpath
/etc/ssl/certs' to have the default set of CAs recognized.

Is there a configuration switch somewhere that would let openssl be
aware of the root CAs that come with the ca-certificates package?
Else the latter seems rather useless.

Best, 

W
-- 
English lessons for programmers #28: 
    "Fewer" is of type int; whereas "less" is of type double. 
Sortir en Pantoufles: up 189 days, 20:38
-- 
[EMAIL PROTECTED] mailing list
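
Added example, not part of the original message: a -CApath directory like the one passed to s_client above is searched by subject-hash file name, so a CA file copied in under any other name is not found until a hash-named link (what c_rehash or `openssl rehash` creates) points at it. Everything below is constructed for the demo: the CA "Demo Root CA", the host imap.example.test, and all keys and paths.

```bash
#!/usr/bin/env bash
# Constructed demo: every name, key and path here is a throwaway value.

make_chain() {   # $1 = work dir; writes ca.pem (root CA) and srv.pem (leaf)
  local d="$1"
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -new -config "$d/ca.cnf" -subj "/CN=imap.example.test" \
    -newkey rsa:2048 -nodes -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 2 -out "$d/srv.pem" 2>/dev/null
}

check() {        # $1 = CApath directory, $2 = certificate; prints ok or fail
  if openssl verify -CApath "$1" "$2" 2>&1 | grep -q ': OK$'; then
    echo ok
  else
    echo fail
  fi
}

capath_demo() {  # prints results for: empty dir, unhashed file, hashed link
  local d r1 r2 r3 h
  d=$(mktemp -d) || return 1
  make_chain "$d" || return 1
  mkdir "$d/certs"
  r1=$(check "$d/certs" "$d/srv.pem")      # CA not in the directory at all
  cp "$d/ca.pem" "$d/certs/demo-root.pem"
  r2=$(check "$d/certs" "$d/srv.pem")      # CA present, but not under its hash name
  h=$(openssl x509 -noout -hash -in "$d/ca.pem")
  ln -s demo-root.pem "$d/certs/$h.0"      # the link a rehash would create
  r3=$(check "$d/certs" "$d/srv.pem")      # now the lookup finds the issuer
  rm -rf "$d"
  echo "$r1 $r2 $r3"
}

capath_demo      # prints: fail fail ok
```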