POPFile cannot connect to servers with self-signed ssl certificates

[George Yong]

After upgrade to debian Jessie with the resulting upgrade in perl modules, POPFile can no longer connect to any servers with self-signed ssl certificates, and there is no option to accept self-signed certificates.

My mail client (fetchmail) shows an authentication error:

fetchmail: Authorization failure on example.com:[email protected]:[email protected]

The popfile logs are more specific:

11555: pop3: 626: IO::Socket::INET or IO::Socket::SSL gets an error: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The version of IO::Socket::SSL is 2.002-2.

Is there a workaround without disabling ssl?

[Brian Smith]

there is no option to accept self-signed certificates

A quick look at the Perl documentation found some discussion of how to handle self-signed certificates. So it might be possible to modify POPFile to accept self-signed certificates but I have no idea how much work would be involved or how long it would take.

How many mail servers with self-signed certificates have to be handled by POPFile?

Does POPFile also have to handle servers with "proper" SSL certificates?

SSL handling is being improved for POPFile 1.1.4 but as far as I know nobody has mentioned self-signed certificates until now.

[George Yong]

POPFile already handles servers with proper SSL Certificates well.

I worked around this problem by using the IMAP module (http://getpopfile.org/docs/experimentalmodules:imap) to filter mail on the local server. The mail is retreived by fetchmail which complains about the self-signed SSL certificate but still works.

[Daniel Hahler]

For me the following patch worked: http://getpopfile.org/changeset/3861