Re: IMAP certificate warning

[Brian Stafford <brian stafford uklinux net>]

On Fri,  9 November 08:09 Toralf Lund wrote:
>> On Thu, Nov 08, 2001 at 08:46:02PM +0100, Albrecht Dreß wrote:
>> >
>> > Am 08.11.2001 15:09:48 schrieb(en) Carlos Morgado:
>> > > actually, we go through the cert check functions, and where mutt
>> would ask
>> > > the user 'what do you want to do now' we just put out that error and
>> get
>> > > on with it.
>> > > the error message is a bit misleading, it doesn't mean the cert is
>> invalid,
>> > > it means we couldn't verify it.  that may happen cause we don't know
>> the
>> > > signers key or somesuch. i'll have to check into this a bit harder,
>> stare
>> > > down my openssl config and try to get some clue.
>> > >
>> > > brian, do you have any insight into all this openssl and cert
>> checking
>> > > thing ? --
>> >
>> > There are several nice examples for OpenSSL usage at the following
>> location
>> > (I used them to learn using libssl...):
>> http://www.rtfm.com/openssl-examples/
>> >
>> neat tkx
>> 
>> > However, I think this is not the complete solution. As you already
>> pointed
>> > out, libmutt used to check the cert. What we need at this point is some
>> 
>> 
>> balsa does too. if the current libmutt code (oh ... 6 months or so old
>> mutt)
>> *can* verify the cert the warning won't be shown. anyway, i noticed mutt
>> is
>> very picky about certs too and that's why i suspect my (*the*) openssl
>> install.
>> if you don't have the root certs localy all certs will fail verification.
> What exactly do you mean by that? The issuer of the certificate is quite 
> definitely in /usr/share/ssl/cert.pem on the client host.

Not necessarily good enough - this isn't really system wide, each individual 
app has to configure this directory via the OpenSSL API.

Brian