[pkg-fetchmail-maint] Bug#580796: fetchmail: Connection "insecure" in spite of sslfingerprint

Roland Stigge stigge at antcom.de
Sat May 8 17:17:10 UTC 2010 

Package: fetchmail
Version: 6.3.17-1
Severity: normal

Hi,

I just upgraded fetchmail from 6.3.15-1 to 6.3.17-1 and suddenly, it says:

$ fetchmail 
fetchmail: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!)
fetchmail: No mail for stigge at subdomain.domain.tld
$

which it didn't before. I'm using a .fetchmail stanza like this:

poll subdomain.domain.tld with proto IMAP
        user 'foo' there with password 'bar' is 'quux' here options fetchall expunge 100 sslproto TLS1 sslfingerprint 'AF:22:16:91:5B:9E:5E:FE:A5:3B:28:3E:39:38:E0:27'

I think I can consider the connection "secure" when I know the fingerprint of
the server beforehand and it matches.

And I didn't find a respective note in the fetchmail changelogs.

bye,
  Roland

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages fetchmail depends on:
ii  adduser                     3.112        add and remove users and groups
ii  debianutils                 3.2.3        Miscellaneous utilities specific t
ii  libc6                       2.10.2-6     Embedded GNU C Library: Shared lib
ii  libcomerr2                  1.41.11-1    common error description library
ii  libgssapi-krb5-2            1.8.1+dfsg-2 MIT Kerberos runtime libraries - k
ii  libk5crypto3                1.8.1+dfsg-2 MIT Kerberos runtime libraries - C
ii  libkrb5-3                   1.8.1+dfsg-2 MIT Kerberos runtime libraries
ii  libssl0.9.8                 0.9.8n-1     SSL shared libraries
ii  lsb-base                    3.2-23.1     Linux Standard Base 3.2 init scrip

Versions of packages fetchmail recommends:
ii  ca-certificates               20090814   Common CA certificates

Versions of packages fetchmail suggests:
pn  fetchmailconf                 <none>     (no description available)
ii  postfix [mail-transport-agent 2.7.0-1    High-performance mail transport ag
ii  resolvconf                    1.45       name server information handler

-- no debconf information

More information about the pkg-fetchmail-maint mailing list