Bug#339609: 'Server CommonName mismatch' without SSL


by Burton Windle

Package: fetchmail
Version: 6.2.5-18

Fetchmail is giving me warnings about 'Server CommonName mismatch';
however, I am not using SSL to retrieve my email. This error message seems
to be part of the SSL_verify_callback function, which is puzzling.

Example output:

fetchmail: Server CommonName mismatch: mail.dreamhost.com != mail.fint.org
fetchmail: Server CommonName mismatch: mail.dreamhost.com != mail.fint.org


My .fetchmail file:

poll mail.fint.org
  protocol: POP3
  username: burton
  password: <removed>
  is bwindle here;


I am calling fetchmail from cron every 10 minutes, with "fetchmail -t 45
-b 5".

This is on Debian Testing, Linux kernel x86 2.6.14, with openssl 0.9.8a-3
and libc6 2.3.5-6.




--
To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...


Bug#339609: [pkg-fetchmail-maint] Bug#339609: 'Server CommonName mismatch' without SSL

by Nico Golde-3

tags 339609 + upstream
* Burton Windle <bwindle@...> [2005-11-17 18:13]:

> Package: fetchmail
> Version: 6.2.5-18
>
> Fetchmail is giving me warnings about 'Server CommonName
> mismatch'; however, I am not using SSL to retrieve my email.
> This error message seems to be part of the SSL_verify_callback
> function, which is puzzling.
>
> Example output:
>
> fetchmail: Server CommonName mismatch: mail.dreamhost.com !=
> mail.fint.org
> fetchmail: Server CommonName mismatch: mail.dreamhost.com !=
> mail.fint.org
>
>
> My .fetchmail file:
>
> poll mail.fint.org
>  protocol: POP3
>  username: burton
>  password: <removed>
>  is bwindle here;
>
>
> I am calling fetchmail from cron every 10 minutes, with
> "fetchmail -t 45 -b 5".
>
> This is on Debian Testing, Linux kernel x86 2.6.14, with openssl
> 0.9.8a-3 and libc6 2.3.5-6.
--
Nico Golde - JAB: nion@... | GPG: 0x73647CFF
http://www.ngolde.de | http://www.muttng.org | http://grml.org
Forget about that mouse with 3/4/5 buttons -
gimme a keyboard with 103/104/105 keys!



Bug#339609: [pkg-fetchmail-maint] Bug#339609: 'Server CommonName mismatch' without SSL

by Matthias Andree

On Thu, 17 Nov 2005, Burton Windle wrote:

> Fetchmail is giving me warnings about 'Server CommonName mismatch';
> however, I am not using SSL to retrieve my email. This error message seems
> to be part of the SSL_verify_callback function, which is puzzling.

Burton,

your POP3 server is offering the STLS extension (start TLS in-band, to
encrypt the remainder of the conversation) and fetchmail will be using
TLS v1 by default if offered.

To get rid of the problem, you can try either of these:

- use the right server name: if the server is identical to the one whose
  name it prints (check with host or dig if the IPs are identical), just
  use the name from the certificate instead of the one you configured

- use the "sslfingerprint" option: this tells fetchmail to validate the
  server certificate's fingerprint

- tell fetchmail not to negotiate TLS: add    sslproto ''    to your
  configuration. If sslproto is not set at all (rather than empty),
  fetchmail will default to a context-dependent default SSL/TLS
  protocol.

Note this is not a fetchmail bug. The manual page of the upcoming
fetchmail-6.3.0 version will mention the sslproto '' solution, too, and
mention (in the --ssl paragraphs) that fetchmail may try TLS without
this option.

If any of the suggestions above solves (or does not solve) your problem,
please follow up to this message with details. If your problem is gone,
please change the reply address to 339609-done (append "-done") so the
bug is closed.

Thank you.

--
Matthias Andree
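
Added example, not part of the thread and not fetchmail source code: a simplified Python model of the behaviour described in the reply above, showing when the CommonName warning appears for a poll entry with no SSL option. The CAPA replies are constructed samples, and the function names and the plain case-insensitive name comparison are assumptions made for illustration.

```python
# Added illustration, not fetchmail source: a simplified model of the
# behaviour described in the reply above.

# Constructed POP3 CAPA replies (RFC 2449 format); a real server's differ.
SAMPLE_CAPA = "+OK Capability list follows\r\nTOP\r\nUIDL\r\nSTLS\r\nUSER\r\n.\r\n"
NO_STLS_CAPA = "+OK Capability list follows\r\nTOP\r\nUIDL\r\nUSER\r\n.\r\n"


def parse_capa(reply):
    """Return the capability keywords from a multi-line CAPA reply."""
    lines = reply.split("\r\n")
    if not lines[0].startswith("+OK"):
        return set()  # -ERR: the server does not implement CAPA
    caps = set()
    for line in lines[1:]:
        if line == ".":  # end of the multi-line response
            break
        if line.strip():
            caps.add(line.split()[0].upper())  # keyword only, drop arguments
    return caps


def will_negotiate_tls(caps, sslproto=None):
    """sslproto=None: option absent, TLS is used if STLS is offered.
    sslproto="": option set but empty, STLS is never attempted."""
    if sslproto == "":
        return False
    return "STLS" in caps


def check_poll(configured, cert_cn, capa_reply, sslproto=None):
    """Return (uses_tls, warning) for one poll entry.

    cert_cn stands in for the CommonName of the certificate the server
    would present; the comparison is a plain case-insensitive match.
    """
    if not will_negotiate_tls(parse_capa(capa_reply), sslproto):
        return (False, None)  # plaintext: no certificate seen, no warning
    if cert_cn.lower() == configured.lower():
        return (True, None)
    return (True, "Server CommonName mismatch: %s != %s" % (cert_cn, configured))


if __name__ == "__main__":
    for name, proto in (("mail.fint.org", None), ("mail.dreamhost.com", None),
                        ("mail.fint.org", "")):
        print(name, repr(proto), check_poll(name, "mail.dreamhost.com", SAMPLE_CAPA, proto))
```

In the third case the result is (False, None): with sslproto '' the warning goes away because the session, including the POP3 password, is no longer encrypted, whereas using the certificate's name keeps TLS and removes the warning.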

