From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/83148 Path: news.gmane.org!not-for-mail From: =?utf-8?Q?Bj=C3=B8rn_Mork?= Newsgroups: gmane.emacs.gnus.general Subject: Re: SSL problems on dovecot 2.1.7 Date: Thu, 09 May 2013 16:09:10 +0200 Organization: m Message-ID: <871u9g2qk9.fsf@nemi.mork.no> References: <87txmceaxj.fsf@dod.no> <87mws4xwiz.fsf@topper.koldfront.dk> <87li7oe5yy.fsf@dod.no> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Trace: ger.gmane.org 1368108674 2275 80.91.229.3 (9 May 2013 14:11:14 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 9 May 2013 14:11:14 +0000 (UTC) To: ding@gnus.org Original-X-From: ding-owner+M31414@lists.math.uh.edu Thu May 09 16:11:13 2013 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from util0.math.uh.edu ([129.7.128.18]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1UaRYu-0005SC-Mj for ding-account@gmane.org; Thu, 09 May 2013 16:11:13 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by util0.math.uh.edu with smtp (Exim 4.63) (envelope-from ) id 1UaRX4-0005Sp-Su; Thu, 09 May 2013 09:09:18 -0500 Original-Received: from mx1.math.uh.edu ([129.7.128.32]) by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1UaRX3-0005Se-7x for ding@lists.math.uh.edu; Thu, 09 May 2013 09:09:17 -0500 Original-Received: from quimby.gnus.org ([80.91.231.51]) by mx1.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) (envelope-from ) id 1UaRX0-0000Fz-Oz for ding@lists.math.uh.edu; Thu, 09 May 2013 09:09:16 -0500 Original-Received: from canardo.mork.no ([148.122.252.1]) by quimby.gnus.org with esmtp (Exim 4.72) (envelope-from ) id 1UaRWy-00076J-H8 for ding@gnus.org; Thu, 09 May 2013 16:09:12 +0200 Original-Received: from nemi.mork.no (nemi.mork.no [IPv6:2001:4620:9:2:216:eaff:feb3:788]) (authenticated bits=0) by canardo.mork.no (8.14.4/8.14.4) with ESMTP id r49E9AZf017728 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for ; Thu, 9 May 2013 16:09:11 +0200 Original-Received: from bjorn by nemi.mork.no with local (Exim 4.80) (envelope-from ) id 1UaRWw-0006Gs-MU for ding@gnus.org; Thu, 09 May 2013 16:09:10 +0200 In-Reply-To: <87li7oe5yy.fsf@dod.no> (Steinar Bang's message of "Thu, 09 May 2013 13:40:53 +0200") User-Agent: Gnus/5.11002 (No Gnus v0.20) Emacs/23.4 (gnu/linux) X-Virus-Scanned: clamav-milter 0.97.8 at canardo X-Virus-Status: Clean X-Spam-Score: -6.1 (------) List-ID: Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:83148 Archived-At: Steinar Bang writes: > From what (little) I know about CA-certifictes and signing, I don't > understand that I'm getting these messages...? Because the client > machine here is a debian testing machine, and the cacert.org root > certificate is already in /etc/ssl/certs/ on this machine. FWIW, I see exactly the same on Debian wheezy unless I explicitly point "gnutls-cli" to the CA certificates. Try using gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt etc... I tested "openssl s_client" too, and it seems to have the same problem. It will not use the pre-defined system CA certificates unless I point it to them using openssl s_client -CApath /etc/ssl/certs etc... I assume there is some reason behind this and that it's documented somewhere. I'll just accept it. Bj=C3=B8rn