diff options
author | Matthias Andree <matthias.andree@gmx.de> | 2010-04-12 19:24:28 +0200 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2010-04-13 00:59:35 +0200 |
commit | ca34b1e05a7846f32880961dc34f2dcd2cf2be28 (patch) | |
tree | 4c48ca161e479e30de0f623bcd00bff41955cb1b | |
parent | 42e440f3bf4698e3ad273b4eb28bc504656573a1 (diff) | |
download | fetchmail-ca34b1e05a7846f32880961dc34f2dcd2cf2be28.tar.gz fetchmail-ca34b1e05a7846f32880961dc34f2dcd2cf2be28.tar.bz2 fetchmail-ca34b1e05a7846f32880961dc34f2dcd2cf2be28.zip |
Add R14 on c_rehash /certs/ after upgrade to OpenSSL 1.0.0.
-rw-r--r-- | fetchmail-FAQ.html | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/fetchmail-FAQ.html b/fetchmail-FAQ.html index 9cc325f6..586b334e 100644 --- a/fetchmail-FAQ.html +++ b/fetchmail-FAQ.html @@ -186,7 +186,8 @@ messages but before deleting them</a><br/> <a href="#R11">R11. My server is hanging or emitting errors on CAPA.</a><br/> <a href="#R12">R12. Fetchmail isn't working and reports getaddrinfo errors.</a><br /> -<a href="#R13">R13. What does "Interrupted system call" mean?</a> +<a href="#R13">R13. What does "Interrupted system call" mean?</a><br /> +<a href="#R14">R14. Since upgrading fetchmail/OpenSSL, I can no longer connect!</a><br /> <h2 id="C_H">Hangs and lockups</h2> @@ -2474,6 +2475,32 @@ declaration <tt>auth password</tt> in your .fetchmailrc.</p> interrupt long-running functions and will then be reported as "Interrupted system call". These can sometimes be timeouts.</p> +<h2><a id="R14" name="R14">R14. Since upgrading fetchmail/OpenSSL, I can no longer connect!</a></h2> + +<p>If the upgrade you did encompassed an upgrade to OpenSSL 1.0.0 or newer, you +may need to run <code>c_rehash</code> on your certificate directories, +particularly if you are using local certs directories (f. i. through fetchmail's <code>--sslcertpath</code> option).</p> + +<p>Reason: OpenSSL 1.0.0, relative to earlier versions, uses a different hash +for the symbolic links (symlinks) in its <code>certs/</code> directory, so you +need to recreate the symlinks by running <kbd>c_rehash + /etc/ssl/certs</kbd> (adjust this to where your installation keeps its +certificates), and you cannot easily share this certs directory with +applications linked against older OpenSSL versions.</p> + +<p>Note: OpenSSL's <code>c_rehash</code> script is broken in several versions, +which can cause malfunction if several OpenSSL tools versions are installed in +parallel in separate directories. In such cases, you may need a workaround to +get things going. Assuming your OpenSSL 1.0.0 is installed in +<code>/opt/openssl1.0.0</code> and your certificates are in +<code>/home/hans/certs</code>, you'd do this (the corresponding fetchmail +option is <kbd>--sslcertpath /home/hans/certs</kbd> on the commandline and +<kbd>sslcertpath /home/hans/cert</kbd> in the rcfile):</p> + +<pre> +env PATH=/opt/openssl1.0.0/bin /opt/openssl1.0.0/bin/c_rehash /home/hans/certs +</pre> + <hr/> <h1>Hangs and lockups</h1> <h2><a id="H1" name="H1">H1. Fetchmail hangs when used with |