gnutls, openssl and compiling mutt

Alexander Volovics volovics at
Sun Nov 2 14:00:18 UTC 2014

On Sat, Nov 01, 2014 at 07:27:11PM +0100, Heinz Diehl wrote:
> On 01.11.2014, Alexander Volovics wrote: 
> > I don't expect it will do any good to copy the "general" certificates
> > to the Mac.
> Are there any CA-certificates installed on the Mac which are available
> to mutt? If not, it could be the cause of your problem.

I will stop investigating this problem at the moment.
It has already taken up too much time without any success.

I dicovered that mutt was also compiled linked to the latest
openssl in a version of Antergos Linux I had installed in a
spare partition.
Mutt aborted the TLS connection there too. You would think that if you
include mutt and openssl it would work more or less "out of the box",
but no.

As Antergos is Linux I thought it was easier to investigate things
there, but no.

To begin openssl was implemented quite diferently than in Fedora:
no /etc/pki/ and no /etc/pki/tls and no 
cert.pem -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
and nothing resembling 'tls-ca-bundle.pem'.

All the certificates were just lumped together in /etc/ssl/certs/
including one file 'ca-certificates.crt' also mentioned in the
man of muttrc. No docs to explain anything so again you would think
that the mutt/openssl combo would have been 'primed' to work
together in an obvious way.
Nothing I tried 'suggested' by man mutt, man muttrc, man openssl
worked. Googling didn't give usefull hints. Asking in the 
Antergos forum yielded nothing. So I gave up.

Then OSX. In the HomeBrew openssl directory there were 2 "pem"
files: cert.pem and osx_cert.pem. Trying to use these in some
way or other did not work.
The few actual Apple OSX certificates or whatever are stored 
in a format I do not understand, are not easily accessed and 
I think would have to be 'translated' first to be usefull.
So exit Mac.

And then I still do not quite understand what the TLS
connection is trying to accomplish:
1) verify that is actually ziggo and not an 'imposter'
2) encrypt the mail before sending (or a combination of 1 & 2)
3) verify that I am connecting to ziggo and not an imposter.

Anyway thank you very much for your time and help.


More information about the users mailing list