gnutls, openssl and compiling mutt

[Heinz Diehl]

On 01.11.2014, Alexander Volovics wrote: 

> And then we might be talking about different things.
> These might be "general" certificates. When I connected to my
> ISP with mutt the first time and I had to accept a certificate
> I had the impression that a "personal" certificate was generated
> to identify ME to the server in the future. And this certificate
> was saved by mutt in a file "~/.mutt_certificates".

Nope. When you connect to your mailserver for the first time and its
certificate can not be validated (e.g. because there's a missing link
to /etc/pki/tls et al.), mutt asks you to either accept it once, for
alltime or to discard it. In case you choose to accept it for all
time, it get's stored in ~/.mutt-certs. From now on, mutt will accept
this certificate because *you* told it to do. This certificate carries
a signature of the ca-cert which has issued it, but mutt was unable to
verify it. Thus asking you to decide.

> The muttrc manpage also mentions the following config variables:
> 'ssl_ca_certificates_file' & 'ssl_client_cert'. But these also do
> not work with my Fedora '.mutt_certificates' file.

ssl_ca_certificates_file is meant to point to something like the
tls-ca-certificates.pem file. But it does only work when compiled with
"--with-gnutls".

> I don't expect it will do any good to copy the "general" certificates
> to the Mac.

Are there any CA-certificates installed on the Mac which are available
to mutt? If not, it could be the cause of your problem.
 
> And then the situation is complicated by using Linux programs
> in OsX via the Homebrew setup. 

I have noe clue :-)

> Also, ich stecke tief in die scheisse :) 

Det finnes en løsning til alt. Although I'm German, I've been living
in Norway a long time (und ich glaube nicht, dass du sooo tief in
*der* Sch**** steckst) ;-)