[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [msmtp-users] Fingerprints do not match - how to fix??

To: msmtp-users@lists.sourceforge.net
Subject: Re: [msmtp-users] Fingerprints do not match - how to fix??
From: Martin Lambers <marlam@...23...>
Date: Wed, 27 Jan 2016 08:44:00 +0100
In-reply-to: <CAPFCoitt=6Wnzbb+2JjxfnCve1TbMENB3E3Riy_bmKQ1wdV3OQ@...26...>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=msmtp-users>
List-help: <mailto:msmtp-users-request@lists.sourceforge.net?subject=help>
List-id: "General discussion, questions & answers" <msmtp-users.lists.sourceforge.net>
List-post: <mailto:msmtp-users@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/msmtp-users>, <mailto:msmtp-users-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/msmtp-users>, <mailto:msmtp-users-request@lists.sourceforge.net?subject=unsubscribe>
References: <CAPFCoitt=6Wnzbb+2JjxfnCve1TbMENB3E3Riy_bmKQ1wdV3OQ@...26...>

Hi John!

On Tue, 26 Jan 2016 23:19:44 -0500, John Hudak wrote:
> When I have the following in the mstmprc file: tls_trust_file
> /etc/ssl/certs/ca-certificates.crt
> I get the following error:
> cannot load trust file /etc/ssl/certs/ca-certificates.crt:
> error:2D06C06E:FIPS routines:FIPS_module_mode_set:fingerprint does
> not match

Googling for the error message suggest that this might be an issue with
OpenSSL/FIPS. I am not sure though since I do not use either, and I do
not understand the error message.

However, there may be several workarounds:
- Do not use /etc/ssl/certs/ca-certificates.crt.
  Instead, get https://pki.google.com/roots.pem and use that.
- Do not use a trust file, but use fingerprinting instead.
  Get the fingerprint with --serverinfo (you already did that) and
  use it with --tls-fingerprint. Note that these certificate
  fingerprints are not related to the strange error message you got.
- Use a version of msmtp that uses GnuTLS instead of OpenSSL (that is
  recommended and the default anyway).

Regards,
Martin

Follow-Ups:
- Re: [msmtp-users] Fingerprints do not match - how to fix??
  - From: grarpamp <grarpamp@...20...>

References:
- [msmtp-users] Fingerprints do not match - how to fix??
  - From: John Hudak <jjhudak@...20...>

Prev by Date: [msmtp-users] Fingerprints do not match - how to fix??
Next by Date: Re: [msmtp-users] Fingerprints do not match - how to fix??
Previous by thread: [msmtp-users] Fingerprints do not match - how to fix??
Next by thread: Re: [msmtp-users] Fingerprints do not match - how to fix??
Index(es):
- Date
- Thread