Anybody else seeing imap.gmail.com using a cert with CommonName invalid2.invalid? (Does anyone else use imap.gmail.com these days?)
1
4
1
OK, the underlying problem seems to be that something changed today (probably an upgrade I picked up with Ubuntu updates) that triggered mta.openssl.org/pipermail/op… , and forcing TLS 1.2 fixes things, since imap.gmail.com now requires SNI for TLS 1.3.
2
1
Yeah, what I don't know is whether today's system updates (probably the openssl or libssl one) (a) broke fetchmail sending of SNI or (b) made fetchmail start using TLS 1.3
1
Replying to @davidbaron @asutherland
Though given that the update was from 1.1.0g to 1.1.1, it's probably that it made fetchmail start using TLS1.3... and I guess I don't have the version of fetchmail that sends SNI properly. (There were some fedora bugs on this from last year...)

Jun 11, 2019 · 9:18 PM UTC

1