An example application is mercurial (as shown below):
$ hg clone https://a.b.c.net/public/application/
abort: error: _ssl.c:497: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
The fix is easy:
Get the server certificate fingerprint (sha1 fingerprint of certificate)
$ echo quit |openssl s_client -connecta.b.c.net:443 2>/dev/null|awk '/---BEG/,/--END/' |openssl x509 -fingerprint -noout
SHA1 Fingerprint=69:C7:E4:E7:10:F8:8F:19:F9:5D:92:F3:8D:EC:CF:4F:7B:3E:04:0A
Then edit your ~/.hgrc
...That should fix things up.
[hostfingerprints]
a.b.c.net = 69:C7:E4:E7:10:F8:8F:19:F9:5D:92:F3:8D:EC:CF:4F:7B:3E:04:0A
.....
Same thing can be done for fetchmail:
$ echo quit |openssl s_client -connect mail.xyz.net:143 -starttls imap 2>/dev/null|awk '/---BEG/,/--END/' |openssl x509 -md5 -fingerprint -noout
MD5 Fingerprint=AA:87:67:1A:21:16:50:57:3F:6C:D0:C8:E8:02:19:7C
then fixing your ~/.fetchmailrc
poll mail.xyz.net protocol imap
user "user1" password "somepass123"
sslfingerprint "AA:87:67:1A:21:16:50:57:3F:6C:D0:C8:E8:02:19:7C"
mda "/usr/bin/procmail -d %T "
No comments:
Post a Comment