On Tue, Dec 05, 2000 at 02:22:50AM -0500, Jean-Francois Malouin wrote:
> I can now use mutt/uw-imap-2000/openssl with cram-md5 authentication!
> So far I have mutt-1.3.9i on Linux and irix working. Mutt-1.2.5i does
> not seem to like cram-md5 authentication and pine-4.30 (compiled with
> openssl-0.9.6) complains about "[unable to get local issuer certificate...]
I only use mutt-1.2.5i with local mailbox, so I cannot comment about mutt's
possibilities here.
The [unable to get local issuer certificate...] comes from pine not being
able to load the CA certificate from its own storage _and_ the CA certificate
not being sent from uw-imap-2000.
To get rid of this message:
1) Change line 706 of auth_ssl.c from
if (!SSL_CTX_use_certificate_file (stream->context,tmp,SSL_FILETYPE_PEM))
to
if (!SSL_CTX_use_certificate_chain_file (stream->context,tmp))
and put your certificate and the complete CA chain (sorted from server cert
down to root CA) into the certificate file.
Now you should get a "self signed cert in chain" message :-)
2) Now add your root CA cert into pine (don't ask me how).
Documentation about SSL_CTX_use_certificate_chain_file() et al still
pending on my TODO list...
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
