I figured this out and thought I'd close it out in case someone else
runs into the same issue.

Mutt/openssl does not check the default certification path (on my arch
system it is /etc/ssl/certs) for trusted CAs. As soon as I put the server
certificates in /etc/ssl/certs.pem the connection went through with no
problems.

As far as I can tell there is no way to tell mutt to tell openssl to
check the /etc/ssl/certs path for server certificates. Openssl itself
will not check this path by default. Gnutls does not have this problem
as there is an ssl_usesystemcertificates option which does not work with
openssl, but gnutls has other issues.

I can run "openssl s_client -connect [host]:[port]" and I get an error.

If I run "openssl s_client -connect [host]:[port] -CApath [path to
certs]" everything goes fine.

Thunderbird did not have this issue. The first time I connected to this
server it asked if I wanted to accept the certificate.

Is this something mutt should be doing? Should it provide a way to
specify a path to openssl for the trusted system certificates?


Steve


On 03/27/12 12:30, step...@thecotts.com wrote:
> I'm having an issue connecting to one of my IMAP accounts via mutt.
> The only error received is "SSL Failed: I/O error"
> 
> I am able to connect to other IMAP servers with the same settings
> but not this one. I am never prompted for a user name or password,
> just receive the SSL error.
> 
> I have also tried to verify the settings with the following command
> and get a successful connection:
> 
> openssl s_client -host imap.us.army.mil -port 993 -verify -debug
> -no_ssl2 -no_tls1_2 -no_tls1_1 -no_tls1
> 
> I tried unsetting all of the ssl options except for sslv3 in mutt
> with no success.
> 
> I've been troubleshooting by running Mutt with the following options:
> 
> mutt -n -F ~/.mutt/temp-muttrc
> 
> contents of temp-muttrc:
> 
> set from="[my email address]"
> set realname="[my name]"
> 
> set spoolfile="imaps://imap.us.army.mil:993"
> set folder="imaps://imap.us.army.mil:993/"
> 
> set certificate_file="~/.mutt/certificates"
> 
> 
> Steve
> 
> 
> 
> 
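
An added example (not part of the original message) showing how the `-CApath` lookup used in the `s_client` command above finds a trusted CA: OpenSSL searches the directory for a file named after the CA's subject hash, so a PEM file under any other name is not found. The CA, the host name `imap.example.test`, the temporary directory and the helper function names are all constructed for this demo.

```shell
#!/bin/sh
# Added example: how OpenSSL resolves a trusted CA from a -CApath directory.
# All certificates and names below are constructed throwaway test data.

# Create a demo CA and a server certificate signed by it under directory $1.
build_demo_pki() {
    dir=$1
    mkdir -p "$dir/trust"
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -new -config "$dir/ca.cnf" -subj "/CN=imap.example.test" \
        -newkey rsa:2048 -nodes -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null
    openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/srv.pem" 2>/dev/null
}

# Print "ok" if certificate $2 verifies against CA directory $1, else "fail".
verify_with_capath() {
    if openssl verify -CApath "$1" "$2" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

# Install CA certificate $1 into directory $2 under its subject-hash name.
install_hashed() {
    hash=$(openssl x509 -in "$1" -noout -hash)
    cp "$1" "$2/$hash.0"
}

demo=$(mktemp -d)
build_demo_pki "$demo"
echo "empty directory:   $(verify_with_capath "$demo/trust" "$demo/srv.pem")"
cp "$demo/ca.pem" "$demo/trust/demo-ca.pem"      # PEM present, wrong file name
echo "plain file name:   $(verify_with_capath "$demo/trust" "$demo/srv.pem")"
install_hashed "$demo/ca.pem" "$demo/trust"      # same PEM as <hash>.0
echo "subject-hash name: $(verify_with_capath "$demo/trust" "$demo/srv.pem")"
rm -rf "$demo"
```

On a real system the hash-named links are normally created by `openssl rehash` or `c_rehash` rather than by hand.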
