From: Simon Josefsson
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Setting SSL certificate authority?
Date: Thu, 09 Sep 2004 11:44:56 +0200

Dave Abrahams writes:

> Hi,
>
> I've been connecting to my IMAP server with SSL, but the other day a
> certificate expired and I had to turn SSL off. My sysadmin has volunteered to
> set up a local certificate authority so we can avoid buying new certificates.
> That'd be secure enough for me if I knew how to tell Gnus to use that
> authority. Can anyone help?

Do you use OpenSSL, starttls or GnuTLS?

GnuTLS is the recommended solution, if you use it: customize
`tls-program' and add a --x509cafile parameter pointing at the CA
file.

IIRC, OpenSSL and starttls don't quit on verification failures.

What went wrong when the certificate expired?