[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TLS: checking a self-signed certificate
Hi,
It turns out that I was using the wrong variable. The right one is
starttls-extra-arguments (not 'ssl-program-arguments').
Neal
P.S. I apologize if you get multiple copies of this mail. I already
sent this mail once, but I never received a copy (although I did for
my initial post in this thread).
At Wed, 25 Mar 2015 15:11:28 +0100,
Neal H. Walfield wrote:
>
> Hi,
>
> I've just upgraded to Debian Jessie. When I connect to my mail
> server, gnutls now complains that it can't verify the server's
> certificate ("The certificate is NOT trusted. The certificate issuer
> is unknown."). I don't want to enable insecure mode as I've
> apparently been using so far. Instead, I want gnutls to check the
> certificate, which I have saved locally. I can't figure out how to do
> that, however. I suspect that it has something to do with
> 'ssl-program-arguments', but I can't figure out the magic incantation.
> I thought I could just pass --x509certfile /home/us/mail.pem, but I
> get the same error. Anyone have any ideas?
>
> Thanks,
>
> Neal
>
>