{"id":4485,"date":"2014-11-05T15:27:32","date_gmt":"2014-11-05T14:27:32","guid":{"rendered":"http:\/\/www.b.shuttle.de\/hayek\/hayek\/jochen\/wp\/blog-en\/?p=4485"},"modified":"2014-11-05T15:27:32","modified_gmt":"2014-11-05T14:27:32","slug":"keeping-fetchmailrc-ssl-fingerprints-updated-semi-automatically","status":"publish","type":"post","link":"https:\/\/wp.jochen.hayek.name\/blog-en\/2014\/11\/05\/keeping-fetchmailrc-ssl-fingerprints-updated-semi-automatically\/","title":{"rendered":"keeping .fetchmailrc SSL fingerprints updated semi-automatically"},"content":{"rendered":"<ul>\n<li><a href=\"https:\/\/github.com\/JochenHayek\/misc\/blob\/master\/fetchmail--extract_fingerprints.pl\">https:\/\/github.com\/JochenHayek\/misc\/blob\/master\/fetchmail--extract_fingerprints.pl<\/a><\/li>\n<li><a style=\"font-size: 17px;line-height: 1.6471\" href=\"http:\/\/sourceforge.net\/p\/fetchmail\/mailman\/\">http:\/\/sourceforge.net\/p\/fetchmail\/mailman\/<\/a><\/li>\n<li>Properly administered IMAP servers (and also POP3 servers) get their SSL certificates replaced once in a while, and their SSL fingerprints change then as well.<\/li>\n<li>Of course this invalidates fetchmail&#8217;s configuration data &#8220;describing&#8221; those servers.<\/li>\n<li>And fetchmail does not assist you in keeping them updated \u2013 for good reason somehow.<\/li>\n<li><span style=\"font-size: 0.95em;line-height: 1.6em\">Today it appeared to me as if I had already manually updated such configuration details quite a couple of times in my lifetime.<\/span><\/li>\n<li><span style=\"font-size: 0.95em;line-height: 1.6em\">This job also appeared to me as tedious and error-prone.<\/span><\/li>\n<li><span style=\"font-size: 0.95em;line-height: 1.6em\">So I made this a tiny little programming challenge.<\/span><\/li>\n<li>Right \u2026, looks like yet another <a href=\"http:\/\/en.wikipedia.org\/wiki\/Not_invented_here\">NIH<\/a> thing \u2013 and I actually only did the research after completing my task, 
but <strong>I\u00a0am staying entirely within the fetchmail universe<\/strong>, whereas the others resort to using openssl and mix up things quite a little, and I don&#8217;t really see the benefit.<\/li>\n<li>My resulting script is neither super-exemplary nor very beautiful.<\/li>\n<li>Well \u2026 it does indeed make use of a little formatting aid function that I quite like and that I added inline \u2013 but actually w\/o debugging switched on, you don&#8217;t need it at all.<\/li>\n<li>Update 2014-12-12: if different IMAP servers (all responding at different times to the same DNS name) can have different certificates, it is certainly better to have fetchmail deal with that fact, but apparently up until today, that isn&#8217;t the fact. I should probably listen to the fetchmail mailing lists (or even get involved in the discussion) \u2013 see the link to the mailing lists above! Actually it does not appear to me as if there was a recent discussion on the matter.<\/li>\n<li>Update 2014-12-15: always start fetchmail like this:<br \/>\n$ fetchmail --verbose --logfile $HOME\/var\/log\/fetchmail.log<br \/>\nthen run my script, and it will also tell you whether the fingerprints match; I simply call it before following my procmail LOG again.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>https:\/\/github.com\/JochenHayek\/misc\/blob\/master\/fetchmail--extract_fingerprints.pl http:\/\/sourceforge.net\/p\/fetchmail\/mailman\/ Properly administered IMAP servers (and also POP3 servers) get their SSL certificates replaced once in a while, and their SSL fingerprints change then as well. Of course this invalidates fetchmail&#8217;s configuration data &#8220;describing&#8221; those servers. And fetchmail does not assist you in keeping them updated \u2013 for good reason somehow. 
Today it appeared to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_share_on_mastodon":"0"},"categories":[666],"tags":[1232,1323],"class_list":["post-4485","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-pop3","tag-ssl"],"share_on_mastodon":{"url":"","error":""},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paO0kP-1al","jetpack_likes_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/wp.jochen.hayek.name\/blog-en\/wp-json\/wp\/v2\/posts\/4485","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wp.jochen.hayek.name\/blog-en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wp.jochen.hayek.name\/blog-en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wp.jochen.hayek.name\/blog-en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wp.jochen.hayek.name\/blog-en\/wp-json\/wp\/v2\/comments?post=4485"}],"version-history":[{"count":0,"href":"https:\/\/wp.jochen.hayek.name\/blog-en\/wp-json\/wp\/v2\/posts\/4485\/revisions"}],"wp:attachment":[{"href":"https:\/\/wp.jochen.hayek.name\/blog-en\/wp-json\/wp\/v2\/media?parent=4485"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\
/\/wp.jochen.hayek.name\/blog-en\/wp-json\/wp\/v2\/categories?post=4485"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wp.jochen.hayek.name\/blog-en\/wp-json\/wp\/v2\/tags?post=4485"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}