On Wed, 23 Nov 2016, Steve Litt wrote:
[snip]

> Alpine still gives me a bad cert warning, saying I should either fix it or disable checking. I haven't yet found a way to get Alpine to discriminate between a valid self-signed cert and a bad one.

Like a number of applications, alpine checks the system certificates directory for a file containing the server certificate to be validated that's named according to its x509 hash. If it finds it, it trusts it.

I don't know where Linux distros keep their certs, but on FreeBSD it's in /etc/ssl/certs/. If you've no other way to find out, a brute force search of the alpine binary should locate it, e.g.:

$ strings $(whence alpine) | grep '^/.*certs$'
/etc/ssl/certs

You can fetch the certificate from a remote IMAP server and install it in your system certs directory like this:

# cd /path/to/certs &&
openssl s_client -connect remote.server:143 -starttls imap -showcerts </dev/null 2>&0 |
H=$(openssl x509 -hash -out imap.pem) &&
ln -sf imap.pem ${H}.0
# ls -l
total 5
lrwxr-xr-x  1 root  wheel    11 Nov 23 15:34 3a82ab1a.0 -> imap.pem
-rw-r--r--  1 root  wheel  1371 Nov 23 15:34 imap.pem

--
Greg Rivers
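
The following is an added example, not part of the original message: a POSIX sh version of the install step that computes the hash outside a pipeline (so it also works in sh and bash), refuses to install unless the certificate matches a fingerprint obtained out of band, and confirms the hashed-directory lookup with `openssl verify`. The function names, the temporary directory and imap.example.test are assumptions for illustration; it needs `openssl` on the PATH.

```shell
#!/bin/sh
# Added example: install a PEM certificate into an OpenSSL-style hashed
# certs directory and confirm that a directory lookup now trusts it.

# SHA-256 fingerprint, for comparison against a value obtained out of band
# from the server operator BEFORE the certificate is installed.
cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

# install_cert_link CERT.pem CERTS_DIR [EXPECTED_FINGERPRINT]
# Copies the cert into CERTS_DIR and links it as <subject-hash>.<n>,
# using the first free <n> so an existing entry is never overwritten.
# Prints the link name. Refuses to install on a fingerprint mismatch.
install_cert_link() {
    cert=$1 dir=$2 want=${3:-}
    if [ -n "$want" ] && [ "$(cert_fingerprint "$cert")" != "$want" ]; then
        echo "fingerprint mismatch, not installing" >&2
        return 1
    fi
    hash=$(openssl x509 -noout -hash -in "$cert") || return 1
    name=$(basename "$cert")
    cp "$cert" "$dir/$name" || return 1
    n=0
    while [ -e "$dir/$hash.$n" ] || [ -L "$dir/$hash.$n" ]; do
        n=$((n + 1))
    done
    ln -s "$name" "$dir/$hash.$n" && echo "$hash.$n"
}

# Constructed demo: a throwaway self-signed cert stands in for the one
# fetched from the IMAP server (imap.example.test is a placeholder name).
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/certs"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=imap.example.test" \
        -keyout "$tmp/key.pem" -out "$tmp/imap.pem" 2>/dev/null || return 1
    fp=$(cert_fingerprint "$tmp/imap.pem")
    link=$(install_cert_link "$tmp/imap.pem" "$tmp/certs" "$fp") || return 1
    # A hashed-directory lookup now finds and trusts the certificate.
    openssl verify -CApath "$tmp/certs" "$tmp/imap.pem" >/dev/null || return 1
    echo "$link"
    rm -rf "$tmp"
}
```

Running `demo` prints the name of the link it created, in the same `<hash>.0` form as the listing above.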
