On Tue, Mar 06, 2012 at 10:13:20PM +0000, James Harper wrote:
fetchmail: Server certificate verification error: self signed certificate fetchmail: Server certificate verification error: certificate has expired
If you want the error go to away then turn off TLS.
you're telling him to misconfigure fetchmail so that it sends his login and password in clear text over the internet. bad advice.
The only thing you are getting out of it is encryption, but that's of little value when you have no idea that you are communicating with the right server, which is the whole point of TLS/SSL.
Wrong on both points. encryption alone is incredibly valuable, and encryption is the whole point of TLS/SSL. identify verification is a secondary, and entirely optional, point. For many purposes, encryption is all that's needed. connecting to your ISP's mail server, for example. or to some dinky little forum site. Certificate verification is only required when it's important that the host you are connecting to is actually who they claim to be (or, at least, that some trusted third party says that they are). Your bank, for example. ebay and paypal for two more. and high-profile, ubiquitous sites like google where a stolen login & password could lead to identity theft. Note Well, however: blindly trusting a cert issued by a commercial CA isn't much (if any) safer than just blindly trusting a self-signed cert. there have been enough compromises of commercial CAs over the years (some of them VERY high profile) to prove that beyond doubt. Judgement is required of the end-user. Unfortunately, this is another way of saying "we're all doomed, PKI is hopelessly compromised" :) craig -- craig sanders <cas@taz.net.au> BOFH excuse #294: PCMCIA slave driver