On 03/10/2019 14:32, russellbell@xxxxxxxxx wrote:
fetchmail fails when openssl reports an error 114 (I think)
stat("/etc/ssl/certs/4a6481c9.0", {st_mode=S_IFREG|0644, st_size=1354, ...}) = 0
openat(AT_FDCWD, "/etc/ssl/certs/4a6481c9.0", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=1354, ...}) = 0
read(4, "-----BEGIN CERTIFICATE-----\nMIID"..., 4096) = 1354
read(4, "", 4096) = 0
close(4) = 0
stat("/etc/ssl/certs/4a6481c9.1", 0x7ffefc274100) = -1 ENOENT (No such file or directory)
write(1, "fetchmail: SSL verify callback d"..., 71) = 71
write(1, "fetchmail: Certificate chain, fr"..., 70) = 70
write(1, "fetchmail: Issuer Organization: "..., 43) = 43
write(1, "fetchmail: Issuer CommonName: Gl"..., 41) = 41
write(1, "fetchmail: Subject CommonName: G"..., 42) = 42
write(1, "fetchmail: SSL verify callback d"..., 71) = 71
write(1, "fetchmail: Certificate at depth "..., 35) = 35
write(1, "fetchmail: Issuer Organization: "..., 43) = 43
write(1, "fetchmail: Issuer CommonName: Gl"..., 41) = 41
write(1, "fetchmail: Subject CommonName: G"..., 42) = 42
write(1, "fetchmail: SSL verify callback d"..., 71) = 71
write(1, "fetchmail: Server certificate:\n", 31) = 31
write(1, "fetchmail: Issuer Organization: "..., 54) = 54
write(1, "fetchmail: Issuer CommonName: GT"..., 41) = 41
write(1, "fetchmail: Subject CommonName: p"..., 45) = 45
write(1, "fetchmail: Subject Alternative N"..., 51) = 51
write(1, "fetchmail: pop.gmail.com key fin"..., 90) = 90
fstat(2, {st_mode=S_IFREG|0644, st_size=6732357, ...}) = 0
write(2, "fetchmail: pop.gmail.com fingerp"..., 52) = 52
write(3, "\25\3\3\0\2\2P", 7) = 7
write(2, "fetchmail: OpenSSL reported: err"..., 114) = 114
What is an error 114? Why does openssl look for
/etc/ssl/certs/4a6481c9.1 ? All the hashes for my certs end in .0
Linux kernel 5.3.2, Slackware latest, fetchmail 6.4.1, OpenSSL 1.1.1d 10 Sep 2019
This looks like the output of running strace on fetchmail.
114 in the last line is just the number of characters in the error
message printed by fetchmail, the first 33 of those 114 characters
are "fetchmail: OpenSSL reported: err", the remaining 81 are not
shown above.
The hashed name ending in ".1" is OpenSSL looking to see if you
have more than one cert with the hash value 4a6481c9, which does
happen for some users. If you had such a second cert, OpenSSL
wouldalso load 4a6481c9.2, then 4a6481c9.3 and so on until it
reaches a name you don't have.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
