[Eisfair] [E1]: Mail: SSL-Problem

[Rolf Bensch]

Hallo NG,

der Smarthost hat vor ca. 3 Wochen Änderungen an SSL vorgenommen, ich 
hatte neue Fingerprints hinterlegt und alles lief normal - bis heute:

fetchmail: socket error while fetching from web2p1 at 23643.whserv.de
fetchmail: Query status=2 (SOCKET)
fetchmail: Server certificate verification error: unable to get local 
issuer certificate
fetchmail: Broken certification chain at: /C=GB/ST=Greater 
Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
fetchmail: This could mean that the server did not provide the 
intermediate CA's certificate(s), which is nothing fetchmail could do 
anything about.  For details, please see the README.SSL-SERVER ...
fetchmail: This could mean that the root CA's signing certificate is not 
in the trusted CA certificate location, or that c_rehash needs to be run 
on the certificate directory. For details, please see the do...
fetchmail: OpenSSL reported: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
fetchmail: SSL connection failed.

habe danach noch einmal die Fingerprints gecheckt: alles ok.

Rehash ausgeführt (/usr/bin/ssl/c_rehash /usr/local/ssl/certs): keine 
Veränderung

im CERTS-Paket ausgeführt:
    9. Download ca certificate bundle
   10. Download revocation list(s)
   11. Update URLs in OpenSSL configuration

ebenfalls keine Änderung.

Konfig:
FETCHMAIL_8_ACTIVE              =  yes
│   FETCHMAIL_8_SERVER          =  23643.whserv.de
│   FETCHMAIL_8_PROTOCOL        =
│   FETCHMAIL_8_PORT            =  995 (oder leer)
│   FETCHMAIL_8_SSL_PROTOCOL    =  auto (oder tls1)
│   FETCHMAIL_8_SSL_TRANSPORT   =  yes
│   FETCHMAIL_8_SSL_FINGERPRINT = 
4E:E3:F1:E4:CA:7D:08:71:FE:95:9E:EB:06:79:29:91

Was ist passiert? Was kann ich noch tun (außer TLS abzuschalten)?

tnx

Rolf