[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TLS: checking a self-signed certificate



Hi,

It turns out that I was using the wrong variable.  The right one is
starttls-extra-arguments (not 'ssl-program-arguments').

Neal

P.S.  I apologize if you get multiple copies of this mail.  I already
sent this mail once, but I never received a copy (although I did for
my initial post in this thread).

At Wed, 25 Mar 2015 15:11:28 +0100,
Neal H. Walfield wrote:
> 
> Hi,
> 
> I've just upgraded to Debian Jessie.  When I connect to my mail
> server, gnutls now complains that it can't verify the server's
> certificate ("The certificate is NOT trusted.  The certificate issuer
> is unknown.").  I don't want to enable insecure mode as I've
> apparently been using so far.  Instead, I want gnutls to check the
> certificate, which I have saved locally.  I can't figure out how to do
> that, however.  I suspect that it has something to do with
> 'ssl-program-arguments', but I can't figure out the magic incantation.
> I thought I could just pass --x509certfile /home/us/mail.pem, but I
> get the same error.  Anyone have any ideas?
> 
> Thanks,
> 
> Neal
> 
>