Мейлру, забор почты и сертификаты
У меня проблема - при попытке забирать почту с mail.ru - идёт ругань на сертификат (с полгода уже как). По нешифрованному соединению - почта таскается, но ворнинг на сертификат всё равно есть, по шифрованному - таскать отказывается. Собственно, что тут можно поделать?
root@my.host.name:~ # uname -a
FreeBSD my.host.name 10.0-RELEASE-p1 FreeBSD 10.0-RELEASE-p1 #0 r264294: Wed Apr 9 13:16:56 MSK 2014 root@my.host.name:/usr/obj/usr/src/sys/KERNAME amd64
root@my.host.name:~ # cat /usr/local/etc/fetchmailrc
# Your fetchmail configuration goes here.
#
# See fetchmail(1), and/or use fetchmailconf (must not build the port
# WITHOUT_X11).
poll pop.mail.ru protocol pop3 interval 1 username "xxxxxx@mail.ru" password "*********" is "local_mailbox_user_name" here smtphost "my.host.name";
# Тут забор с всяких других ящиков (gmail, свои)
root@my.host.name:~ # cat /var/log/maillog
Oct 2 17:04:35 my.host.name fetchmail[1307]: Server certificate verification error: unable to get local issuer certificate
Oct 2 17:04:35 my.host.name fetchmail[1307]: Broken certification chain at: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Oct 2 17:04:35 my.host.name fetchmail[1307]: This could mean that the server did not provide the intermediate CA's certificate(s), which is nothing fetchmail could do anything about. For details, please see the README.SSL-SERVER document that ships with fetchmail.
Oct 2 17:04:35 my.host.name fetchmail[1307]: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page.
Oct 2 17:04:35 my.host.name fetchmail[1307]: Server certificate verification error: certificate not trusted
Oct 2 17:04:35 my.host.name fetchmail[1307]: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!)
Oct 2 17:04:39 my.host.name fetchmail[1307]: Server certificate verification error: unable to get local issuer certificate
Oct 2 17:04:39 my.host.name fetchmail[1307]: Broken certification chain at: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Oct 2 17:04:39 my.host.name fetchmail[1307]: This could mean that the server did not provide the intermediate CA's certificate(s), which is nothing fetchmail could do anything about. For details, please see the README.SSL-SERVER document that ships with fetchmail.
Oct 2 17:04:39 my.host.name fetchmail[1307]: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page.
Oct 2 17:04:39 my.host.name fetchmail[1307]: Server certificate verification error: certificate not trusted
Oct 2 17:04:39 my.host.name fetchmail[1307]: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!)
Куда копать?
root@my.host.name:~ # uname -a
FreeBSD my.host.name 10.0-RELEASE-p1 FreeBSD 10.0-RELEASE-p1 #0 r264294: Wed Apr 9 13:16:56 MSK 2014 root@my.host.name:/usr/obj/usr/src/sys/KERNAME amd64
root@my.host.name:~ # cat /usr/local/etc/fetchmailrc
# Your fetchmail configuration goes here.
#
# See fetchmail(1), and/or use fetchmailconf (must not build the port
# WITHOUT_X11).
poll pop.mail.ru protocol pop3 interval 1 username "xxxxxx@mail.ru" password "*********" is "local_mailbox_user_name" here smtphost "my.host.name";
# Тут забор с всяких других ящиков (gmail, свои)
root@my.host.name:~ # cat /var/log/maillog
Oct 2 17:04:35 my.host.name fetchmail[1307]: Server certificate verification error: unable to get local issuer certificate
Oct 2 17:04:35 my.host.name fetchmail[1307]: Broken certification chain at: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Oct 2 17:04:35 my.host.name fetchmail[1307]: This could mean that the server did not provide the intermediate CA's certificate(s), which is nothing fetchmail could do anything about. For details, please see the README.SSL-SERVER document that ships with fetchmail.
Oct 2 17:04:35 my.host.name fetchmail[1307]: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page.
Oct 2 17:04:35 my.host.name fetchmail[1307]: Server certificate verification error: certificate not trusted
Oct 2 17:04:35 my.host.name fetchmail[1307]: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!)
Oct 2 17:04:39 my.host.name fetchmail[1307]: Server certificate verification error: unable to get local issuer certificate
Oct 2 17:04:39 my.host.name fetchmail[1307]: Broken certification chain at: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Oct 2 17:04:39 my.host.name fetchmail[1307]: This could mean that the server did not provide the intermediate CA's certificate(s), which is nothing fetchmail could do anything about. For details, please see the README.SSL-SERVER document that ships with fetchmail.
Oct 2 17:04:39 my.host.name fetchmail[1307]: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page.
Oct 2 17:04:39 my.host.name fetchmail[1307]: Server certificate verification error: certificate not trusted
Oct 2 17:04:39 my.host.name fetchmail[1307]: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!)
Куда копать?