Message-ID: <4F9865AE.9060004@gmail.com>
Date: Wed, 25 Apr 2012 23:59:26 +0300
From: Vladimir Shatilo <vladimir.shatilo@gmail.com>
Reply-To: vladimir.shatilo@gmail.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20120327 Thunderbird/11.0.1
MIME-Version: 1.0
To: cygwin@cygwin.com
Subject: fetchmail and openssl
References: <4F986152.5000700@gmail.com>
In-Reply-To: <4F986152.5000700@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com

In the latest cygwin package fetchmail 6.3.18-1 has been compiled with old openssl 0.9.8 library.
This causes errors in ssl certificate validation when connecting to imap or pop3 with ssl.
The problem is openssl 1.0.0 and later has different hash generation algorithm then previous 0.9.8 version.
So after c_rehash symbolic links to valid certificates have different names then fetchmail is looking for.

First I have verified it with strace and have got symbolic link names of certificates that fetchmail is looking for.
I created symbolic links with valid names (according to openssl 0.9.8 hashes) to existing certificates and fetchmail has worked well.

Finally I have compiled fetchmail 6.3.21 from source with openssl 1.0.1a-1 library and have got everything working as required.

So this is required to update fetchmail to 6.3.21 and compile it with latest openssl 1.0.1a-1 library in the main cygwin package.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple