Bug#339609: [pkg-fetchmail-maint] Bug#339609: 'Server CommonName
mismatch' without SSL
Matthias Andree
matthias.andree at gmx.de
Thu Nov 17 23:23:46 UTC 2005
On Thu, 17 Nov 2005, Burton Windle wrote:
> Fetchmail is giving me warnings about 'Server CommonName mismatch';
> however, I am not using SSL to retrieve my email. This error message seems
> to be part of the SSL_verify_callback function, which is puzzling.
Burton,
your POP3 server is offering the STLS extension (start TLS in-band, to
encrypt the remainder of the conversation) and fetchmail will be using
TLS v1 by default if offered.
To get rid of the problem, you can try either of these:
- use the right server name: if the server is identical to the one whose
name it prints (check with host or dig if the IPs are identical), just
use the name from the certificate instead of the one you configured
- use the "sslfingerprint" option: this tells fetchmail to validate the
server certificate's fingerprint
- tell fetchmail not to negotiate TLS: add sslproto '' to your
configuration. If sslproto is not set at all (rather than empty),
fetchmail will default to a context-dependent default SSL/TLS
protocol.
Note this is not a fetchmail bug. The manual page of the upcoming
fetchmail-6.3.0 version will mention the sslproto '' solution, too, and
mention (in the --ssl paragraphs) that fetchmail may try TLS without
this option.
If any of the suggestions above solves (or does not solve) your problem,
please follow up to this message with details. If your problem is gone,
please change the reply address to 339609-done (append "-done") so the
bug is closed.
Thank you.
--
Matthias Andree
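
The three remedies from the reply above, written as ~/.fetchmailrc entries. This is an added example, not part of the original message: the host names, user name, password and fingerprint are constructed placeholders, and only one of the three stanzas would be kept.

```conf
# Alternative 1: poll the server under the name its certificate carries.
# "mail.example.net" stands for the CommonName printed in the warning;
# confirm with host/dig that it resolves to the same IP as the name
# configured before (here "pop.example.org").
poll mail.example.net protocol pop3
    user "burton" password "PLACEHOLDER"

# Alternative 2: keep the configured name and pin the server certificate.
# The value is a placeholder; fetchmail expects the MD5 fingerprint as
# upper-case hex pairs separated by colons.
poll pop.example.org protocol pop3
    user "burton" password "PLACEHOLDER"
    sslfingerprint "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"

# Alternative 3: do not negotiate TLS even though the server offers STLS.
# The empty string is what matters: leaving sslproto unset lets fetchmail
# pick its context-dependent default and try TLS again. With TLS off, the
# POP3 login is sent unencrypted.
poll pop.example.org protocol pop3
    user "burton" password "PLACEHOLDER"
    sslproto ''
```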