[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TLS: checking a self-signed certificate

To: wl-en@ml.gentei.org
Subject: Re: TLS: checking a self-signed certificate
From: "Neal H. Walfield" <neal@walfield.org>
Date: Tue, 31 Mar 2015 11:34:53 +0200
In-reply-to: <87iodp6ub3.wl%neal@walfield.org>
References: <87iodp6ub3.wl%neal@walfield.org>
User-agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (Gojō) APEL/10.8 EasyPG/0.0.16 Emacs/24.4 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)

Hi,

It turns out that I was using the wrong variable.  The right one is
starttls-extra-arguments (not 'ssl-program-arguments').

Neal

P.S.  I apologize if you get multiple copies of this mail.  I already
sent this mail once, but I never received a copy (although I did for
my initial post in this thread).

At Wed, 25 Mar 2015 15:11:28 +0100,
Neal H. Walfield wrote:
> 
> Hi,
> 
> I've just upgraded to Debian Jessie.  When I connect to my mail
> server, gnutls now complains that it can't verify the server's
> certificate ("The certificate is NOT trusted.  The certificate issuer
> is unknown.").  I don't want to enable insecure mode as I've
> apparently been using so far.  Instead, I want gnutls to check the
> certificate, which I have saved locally.  I can't figure out how to do
> that, however.  I suspect that it has something to do with
> 'ssl-program-arguments', but I can't figure out the magic incantation.
> I thought I could just pass --x509certfile /home/us/mail.pem, but I
> get the same error.  Anyone have any ideas?
> 
> Thanks,
> 
> Neal
> 
>

References:
- TLS: checking a self-signed certificate
  - From: "Neal H. Walfield" <neal@walfield.org>

Prev by Date: Re: TLS: checking a self-signed certificate
Next by Date: wl & gpg
Previous by thread: Re: TLS: checking a self-signed certificate
Index(es):
- Date
- Thread