From ca34b1e05a7846f32880961dc34f2dcd2cf2be28 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Mon, 12 Apr 2010 19:24:28 +0200 Subject: Add R14 on c_rehash /certs/ after upgrade to OpenSSL 1.0.0. --- fetchmail-FAQ.html | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/fetchmail-FAQ.html b/fetchmail-FAQ.html index 9cc325f6..586b334e 100644 --- a/fetchmail-FAQ.html +++ b/fetchmail-FAQ.html @@ -186,7 +186,8 @@ messages but before deleting them
R11. My server is hanging or emitting errors on CAPA.
R12. Fetchmail isn't working and reports getaddrinfo errors.
-R13. What does "Interrupted system call" mean? +R13. What does "Interrupted system call" mean?
+R14. Since upgrading fetchmail/OpenSSL, I can no longer connect!

Hangs and lockups

@@ -2474,6 +2475,32 @@ declaration auth password in your .fetchmailrc.

interrupt long-running functions and will then be reported as "Interrupted system call". These can sometimes be timeouts.

+

R14. Since upgrading fetchmail/OpenSSL, I can no longer connect!

+ +

If the upgrade you did encompassed an upgrade to OpenSSL 1.0.0 or newer, you +may need to run c_rehash on your certificate directories, +particularly if you are using local certs directories (f. i. through fetchmail's --sslcertpath option).

+ +

Reason: OpenSSL 1.0.0, relative to earlier versions, uses a different hash +for the symbolic links (symlinks) in its certs/ directory, so you +need to recreate the symlinks by running c_rehash + /etc/ssl/certs (adjust this to where your installation keeps its +certificates), and you cannot easily share this certs directory with +applications linked against older OpenSSL versions.

+ +

Note: OpenSSL's c_rehash script is broken in several versions, +which can cause malfunction if several OpenSSL tools versions are installed in +parallel in separate directories. In such cases, you may need a workaround to +get things going. Assuming your OpenSSL 1.0.0 is installed in +/opt/openssl1.0.0 and your certificates are in +/home/hans/certs, you'd do this (the corresponding fetchmail +option is --sslcertpath /home/hans/certs on the commandline and +sslcertpath /home/hans/cert in the rcfile):

+ +
+env PATH=/opt/openssl1.0.0/bin /opt/openssl1.0.0/bin/c_rehash /home/hans/certs
+
+

Hangs and lockups

H1. Fetchmail hangs when used with -- cgit v1.2.3