193909 – dev-email.xml: Updating SSL fingerprints for pop3 and imap

Bug 193909 - dev-email.xml: Updating SSL fingerprints for pop3 and imap

Summary: dev-email.xml: Updating SSL fingerprints for pop3 and imap

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Infrastructure
Classification:	Unclassified
Component:	Other (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Infrastructure

URL:	http://sources.gentoo.org/viewcvs.py/...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-09-26 20:31 UTC by Torsten Veller (RETIRED)
Modified:	2008-01-15 07:25 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Torsten Veller (RETIRED) gentoo-dev

2007-09-26 20:31:33 UTC

Updated fingerprints in URL don't work here. fingerprints in URL are SHA1 hashes while fetchmail expects MD5 hashes.

fetchmail.1:

| --sslfingerprint <fingerprint>
|     (Keyword: sslfingerprint) Specify the fingerprint of  the  server  key
|     (an  MD5 hash of the key) in hexadecimal notation with colons separat-
|     ing groups of two digits. The letter hex digits must be in upper case.
[...]
|.
|     To  obtain  the  fingerprint  of  a  certificate  stored  in  the file
|     cert.pem, try:
|.
|          openssl x509 -in cert.pem -noout -md5 -fingerprint

POP3:
woodpecker ~ $ openssl s_client -connect localhost:995 -showcerts 2>/dev/null | openssl x509 -noout -fingerprint -md5
MD5 Fingerprint=50:01:91:98:92:B3:40:1B:CC:52:4D:A9:53:58:1E:B1

IMAP:
woodpecker ~ $ openssl s_client -connect localhost:993 -showcerts 2>/dev/null | openssl x509 -noout -fingerprint -md5
MD5 Fingerprint=8F:F0:BF:83:1E:F4:90:42:64:39:9F:A7:01:05:37:C6

Comment 1 Robin Johnson archtester

2008-01-15 07:25:19 UTC

in cvs now.