From 30ac01d9f286d3f648eb1028064bcf4408371766 Mon Sep 17 00:00:00 2001
From: Simon Barner <barner@FreeBSD.org>
Date: Sat, 10 Dec 2005 22:51:45 +0000
Subject: Add instructions for mail/fetchmail users how to configure
 certificates in order to avoid verbose warnings that appeared with fetchmail
 6.3.0.

---
 UPDATING | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

(limited to 'UPDATING')

diff --git a/UPDATING b/UPDATING
index 0ba29ef61ba1..108266d85d48 100644
--- a/UPDATING
+++ b/UPDATING
@@ -6,6 +6,35 @@ You should get into the habit of checking this file for changes each
 time you update your ports collection, before attempting any port
 upgrades.
 
+20051210:
+  AFFECTS: users of mail/fetchmail using SSL encryption
+  AUTHOR: barner@FreeBSD.org
+ 
+  Fetchmail now checks the validity of server certificates and complains
+  verbosely in maillog if the validation fails.
+
+  If your mail server's certificate is not signed by one of the root
+  authorities, you have to manually configure them using the following steps:
+
+    * Download the necessary certificates in PEM format and store them
+      at a suitable location, e.g. /home/user/.certs
+
+    * Run the c_rehash tool on the freshly installed certificates:
+
+      - If you are using OpenSSL from the base system (this is the default)
+        use the following command:
+	% perl /usr/src/crypto/openssl/tools/c_rehash /home/user/.certs
+
+      - If you are using OpenSSL from security/openssl please use
+        % c_rehash /home/user/.certs
+
+    * Use the following options to enable SSL encryption your .fetchmailrc
+      configuration file:
+
+      options ssl sslcertpath /home/user/.certs sslcertck
+              sslfingerprint '< fingerprint >'
+	      < other options >
+
 20051208:
   AFFECTS: users of net/py-bittorrent and net/py-bittorrent-core
   AUTHOR: lioux@FreeBSD.org
-- 
cgit v1.2.3