IMAP && Server certificate has expired

Matthias Apitz guru at unixarea.de
Sun May 31 15:16:03 UTC 2020


El día domingo, mayo 31, 2020 a las 10:56:57a. m. -0400, Ben Boeckel escribió:

> On Sun, May 31, 2020 at 16:43:23 +0200, Matthias Apitz wrote:
> > Doesn't this mean that something on my local system (FreeBSD with
> > OpenSSL, both from end of 2018) is outdated?
> > 
> > $ uname -a
> > FreeBSD c720-r342378 13.0-CURRENT FreeBSD 13.0-CURRENT GENERIC  amd64
> > 
> > $ openssl version
> > OpenSSL 1.1.1a-freebsd  20 Nov 2018
> 
> Ah, yes. You need to check your ca-certificates version, not OpenSSL.
> I'm not sure where FreeBSD gets their bundles though (or the
> package/ports name for it). I imagine Mozilla is the source though, but
> the required certs were added back in Firefox 36 days.

I watched with truss which files mutt opens on start:

$ grep cert mutt.tr
open("/usr/local/openssl/cert.pem",O_RDONLY,0666) = 4 (0x4)
open("/home/guru/.mutt_certificates",O_RDONLY,0666) ERR#2 'No such file or directory'
...

$ ls -l /etc/*/cert.*
lrwxr-xr-x  1 root  wheel  38 23 dic.   2018 /etc/ssl/cert.pem -> /usr/local/share/certs/ca-root-nss.crt
$ ls -l /usr/local/share/certs/ca-root-nss.crt /usr/local/openssl/cert.pem
-rw-r--r--  1 root  wheel  800790 23 dic.   2018 /usr/local/openssl/cert.pem
-rw-r--r--  1 root  wheel  800790 23 dic.   2018 /usr/local/share/certs/ca-root-nss.crt

i.e. I have to bring this up in the FreeBSD mailing list, I think.

I'm wondering why only mutt is affected by this, though.

	matthias

-- 
Matthias Apitz, ✉ guru at unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
May, 9: Спаси́бо освободители! Thank you very much, Russian liberators!


More information about the Mutt-users mailing list