gnutls, openssl and compiling mutt

Alexander Volovics volovics at
Sat Nov 1 16:18:40 UTC 2014

On Sat, Nov 01, 2014 at 02:19:27PM +0100, Heinz Diehl wrote:
> On 01.11.2014, Alexander Volovics wrote: 
> > Is that so. I didn't know that. How are you supposed to get
> > the certificate then. 
> Check if the "cert.pem" symlink points to something like this:

> lrwxrwxrwx  1 root root    49 Nov  1 14:11 cert.pem ->
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

It does, on my Fedora PC.
Nothing like this seems to exist on the Mac under OsX.

And then we might be talking about different things.
These might be "general" certificates. When I connected to my
ISP with mutt the first time and I had to accept a certificate
I had the impression that a "personal" certificate was generated
to identify ME to the server in the future. And this certificate
was saved by mutt in a file "~/.mutt_certificates".

The .muttrc manpage indicates that you can refer to this file in
.muttrc by using "set certificate_file = ~/.mutt_certificates".
So I copied this file to the Mac and specified this in .muttrc.
This does not work, still 'SSL failed. I/O error'!
The muttrc manpage also mentions the following config variables:
'ssl_ca_certificates_file' & 'ssl_client_cert'. But these also do
not work with my Fedora '.mutt_certificates' file.

I don't expect it will do any good to copy the "general" certificates
to the Mac.

And then the situation is complicated by using Linux programs
in OsX via the Homebrew setup. They expressly create a 
/usr/local/Cellar directory to install them and compartementalize
from OsX apps and libraries. Furthermore openssl has to be
isolated evenmore ('kegged' they call it) to not interfere with
OsX's own (ancient) openssl.

Running ~/.openssl directly from the Homebrew directory also
aborts unhelpfully (and using s_client, debug, verify produces
no helpfull info).

Also, ich stecke tief in die scheisse :) 

I contacted Homebrew, hope they can help.


More information about the users mailing list