On Tue, Dec 05, 2000 at 02:22:50AM -0500, Jean-Francois Malouin wrote:
> I can now use mutt/uw-imap-2000/openssl with cram-md5 authentication!
> So far I have mutt-1.3.9i on Linux and irix working. Mutt-1.2.5i does
> not seem to like cram-md5 authentication and pine-4.30 (compiled with
> openssl-0.9.6) complains about "[unable to get local issuer certificate...]

I only use mutt-1.2.5i with local mailbox, so I cannot comment about mutt's
possibilities here.
The [unable to get local issuer certificate...] comes from pine not being
able to load the CA certificate from its own storage _and_ the CA certificate
not being sent from uw-imap-2000.
To get rid of this message:
1) Change line 706 of auth_ssl.c from
     if (!SSL_CTX_use_certificate_file (stream->context,tmp,SSL_FILETYPE_PEM))
   to
     if (!SSL_CTX_use_certificate_chain_file (stream->context,tmp))
   and put your certificate and the complete CA chain (sorted from server cert
   down to root CA) into the certificate file.
   Now you should get a "self signed cert in chain" message :-)
2) Now add your root CA cert into pine (don't ask me how).

Documentation about SSL_CTX_use_certificate_chain_file() et al still
pending on my TODO list...

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to