Ticket #199 (new defect)

Opened 2 years ago

Last modified 1 year ago

POPFile cannot connect to servers with self-signed ssl certificates

Reported by: georgeyong Assigned to:
Priority: high Milestone:
Component: unknown Version: 1.1.3
Severity: critical Keywords: ssl


After upgrading to Debian Jessie, with the resulting upgrade in Perl modules, POPFile can no longer connect to any servers with self-signed SSL certificates, and there is no option to accept self-signed certificates.

My mail client (fetchmail) shows an authentication error:

fetchmail: Authorization failure on example.com:example@example.com:ssl@localhost

The popfile logs are more specific:

11555: pop3: 626: IO::Socket::INET or IO::Socket::SSL gets an error: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The version of IO::Socket::SSL is 2.002-2.

Is there a workaround without disabling SSL?

Change History

06/04/15 20:35:21 changed by brian

> there is no option to accept self-signed certificates

A quick look at the Perl documentation found some discussion of how to handle self-signed certificates. So it might be possible to modify POPFile to accept self-signed certificates, but I have no idea how much work would be involved or how long it would take.

How many mail servers with self-signed certificates have to be handled by POPFile?

Does POPFile also have to handle servers with "proper" SSL certificates?

SSL handling is being improved for POPFile 1.1.4 but as far as I know nobody has mentioned self-signed certificates until now.

09/05/15 05:00:36 changed by georgeyong

POPFile already handles servers with proper SSL Certificates well.

I worked around this problem by using the IMAP module (http://getpopfile.org/docs/experimentalmodules:imap) to filter mail on the local server. The mail is retrieved by fetchmail, which complains about the self-signed SSL certificate but still works.

01/06/16 13:45:26 changed by blueyed

For me the following patch worked: http://getpopfile.org/changeset/3861
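
The report asks for a workaround that does not disable SSL. As an added example (not POPFile code and not the patch in the changeset linked above), this Perl script shows how IO::Socket::SSL can be told to trust one specific self-signed certificate through SSL_ca_file while SSL_VERIFY_PEER and host name checking stay on. The loopback listener, the throwaway certificate, the helper try_connect and the name mail.example.com are constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added example, not POPFile code: trust one self-signed certificate
# explicitly while keeping SSL_VERIFY_PEER on.
use strict;
use warnings;
use File::Temp qw(tempfile);
use IO::Socket::SSL;
use IO::Socket::SSL::Utils;

# Constructed fixture: throwaway self-signed certificate for "localhost".
my ($cert, $key) = CERT_create(subject => { commonName => 'localhost' });

# Loopback TLS listener standing in for the mail server (assumption).
my $server = IO::Socket::SSL->new(
    LocalAddr => '127.0.0.1', LocalPort => 0, Listen => 5,
    SSL_cert  => $cert, SSL_key => $key,
) or die "listen failed: $SSL_ERROR";
my $port = $server->sockport;

defined(my $pid = fork()) or die "fork failed: $!";
if ($pid == 0) {                               # child: answer until killed
    $SIG{PIPE} = 'IGNORE';
    while (1) {
        my $conn = $server->accept or next;    # aborted handshake gives undef
        print $conn "+OK ready\r\n";
        close $conn;
    }
}

# Parent: export the certificate, as an admin would copy it from the server.
my (undef, $ca_file) = tempfile(SUFFIX => '.pem', UNLINK => 1);
PEM_cert2file($cert, $ca_file);

# Hypothetical helper: one client attempt with peer verification always on.
sub try_connect {
    my ($label, %tls) = @_;
    my $sock = IO::Socket::SSL->new(
        PeerAddr => '127.0.0.1', PeerPort => $port,
        SSL_verify_mode   => SSL_VERIFY_PEER,
        SSL_verifycn_name => 'localhost',
        %tls,                                  # per-attempt overrides
    );
    my $result = $sock ? 'connected, banner ' . <$sock> : "refused: $SSL_ERROR\n";
    print "$label: $result";
}

try_connect('system CA store only');
try_connect('pinned via SSL_ca_file', SSL_ca_file => $ca_file);
try_connect('pinned, wrong host name',
    SSL_ca_file => $ca_file, SSL_verifycn_name => 'mail.example.com');

kill 'TERM', $pid;
waitpid($pid, 0);
```

Setting SSL_verify_mode to SSL_VERIFY_NONE would also make the connection succeed, but it accepts any certificate presented by anyone on the path, which is why the pinned form is the one to prefer.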