There's been a hackathon this past week; libressl has seen some major
changes. If the problem persists on a fully up-to-date snapshot, then
write a mail to bugs@ with as much information about how to reproduce
it as possible - sample config files etc. would make it easier. (In the
case of fetchmail, sample config that doesn't delete anything in the
mailbox!)

On 2020-01-25, putrid soul <[email protected]> wrote:
> After updating to a recent snapshot I faced the following
> messages upon running fetchmail (ver=6.3.26p3) command.
>
> The config .fetchmailrc is the same as before
>
> $ fetchmail
> fetchmail: Server certificate verification error: self signed certificate
> fetchmail: Missing trust anchor certificate: /OU=No SNI provided; please
> fix your client./CN=invalid2.invalid

Ha, that is a nice trick on their side!

> fetchmail: This could mean that the root CA's signing certificate is not in
> the trusted CA certificate location, or that c_rehash needs to be run on
> the certificate directory. For details, please see the documentation of
> --sslcertpath and --sslcertfile in the manual page.
> fetchmail: Warning: the connection is insecure, continuing anyways. (Better

*sigh* is this default behaviour for fetchmail or did you need to tell
it to accept unvalidated certs? That's dangerous if it's the default.

> use --sslcertck!)
> fetchmail: No mail for [email protected] at pop.gmail.com
>
> From this I can extract that the certs on this snapshot are not
> configured properly. On the snapshot before the most recent one the messages

No, this is a problem with SNI, not certs.

> were quite different - there was an ssl socket error, now it's the
> above.
>
> $ dmesg
> OpenBSD 6.6-current (GENERIC.MP) #613: Thu Jan 16 13:52:56 MST 2020
>     [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
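
Added example (not part of the original messages, and not fetchmail or LibreSSL code): a small triage script that rejoins the wrapped fetchmail output quoted above, extracts the subject of the rejected certificate, and separates a server-side "no SNI" placeholder certificate from a genuinely missing trust anchor, while also flagging that the session went ahead unverified. The function names are hypothetical and the mailbox address in the sample is a placeholder.

```python
import re

# Constructed sample: the fetchmail output quoted in the thread, with the
# mail-client line wrapping left in place and a placeholder address.
SAMPLE = """\
fetchmail: Server certificate verification error: self signed certificate
fetchmail: Missing trust anchor certificate: /OU=No SNI provided; please
fix your client./CN=invalid2.invalid
fetchmail: Warning: the connection is insecure, continuing anyways. (Better
use --sslcertck!)
fetchmail: No mail for user@example.com at pop.gmail.com
"""

def unwrap(text):
    """Rejoin wrapped lines: a line not starting with 'fetchmail:' continues the previous record."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("fetchmail:") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse_dn(dn):
    """Split an OpenSSL one-line DN ('/OU=.../CN=...') into a dict."""
    return dict(re.findall(r"/([A-Za-z]+)=([^/]*)", dn))

def triage(text):
    """Classify the failure and note whether certificate checking was enforced."""
    out = {"missing_anchor": None, "sni_placeholder": False, "unverified_session": False}
    for rec in unwrap(text):
        m = re.search(r"Missing trust anchor certificate: (/.*)", rec)
        if m:
            dn = parse_dn(m.group(1))
            out["missing_anchor"] = dn
            # .invalid is a reserved TLD, so no public CA will ever chain to it:
            # the server sent a placeholder because the ClientHello had no SNI.
            out["sni_placeholder"] = ("No SNI provided" in dn.get("OU", "")
                                      or dn.get("CN", "").endswith(".invalid"))
        if "connection is insecure, continuing" in rec:
            out["unverified_session"] = True  # mail was polled over unauthenticated TLS
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```

When `sni_placeholder` is true, changing the CA bundle or running c_rehash will not help; the client has to send the server name in the TLS handshake.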
