Opened 8 years ago

Last modified 7 years ago

#199 new defect

POPFile cannot connect to servers with self-signed ssl certificates

Reported by: George Yong Owned by:
Priority: high Milestone:
Component: unknown Version: 1.1.3
Severity: critical Keywords: ssl


After upgrade to debian Jessie with the resulting upgrade in perl modules, POPFile can no longer connect to any servers with self-signed ssl certificates, and there is no option to accept self-signed certificates.

My mail client (fetchmail) shows an authentication error:

fetchmail: Authorization failure on[email protected]:[email protected]

The popfile logs are more specific:

11555: pop3: 626: IO::Socket::INET or IO::Socket::SSL gets an error: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The version of IO::Socket::SSL is 2.002-2.

Is there a workaround without disabling ssl?

Change History (3)

comment:1 by Brian Smith, 8 years ago

there is no option to accept self-signed certificates

A quick look at the Perl documentation found some discussion of how to handle self-signed certificates. So it might be possible to modify POPFile to accept self-signed certificates but I have no idea how much work would be involved or how long it would take.

How many mail servers with self-signed certificates have to be handled by POPFile?

Does POPFile also have to handle servers with "proper" SSL certificates?

SSL handling is being improved for POPFile 1.1.4 but as far as I know nobody has mentioned self-signed certificates until now.

comment:2 by George Yong, 8 years ago

POPFile already handles servers with proper SSL Certificates well.

I worked around this problem by using the IMAP module ( to filter mail on the local server. The mail is retreived by fetchmail which complains about the self-signed SSL certificate but still works.

comment:3 by Daniel Hahler, 7 years ago

For me the following patch worked:

Note: See TracTickets for help on using tickets.