Firstly, you'll need a version of pine with OpenSSL support built in. To see if your pine does this, run pine -supported and look at the Encryption: section. If it doesn't say TLS and SSL, then you'll need to get an OpenSSL enabled version.
Before continuing, you need to ensure that your OpenSSL instalation
trusts the certificate of your server. If the certificate is from a non
mainstream CA (eg an in-house one), or is self signed, you'll need to
follow this guide to install
the certificate. If you don't do this, you'll get a
nasty error like this.
Oh, and if your CA isn't a top level CA (eg CA signed a cert for you, which
was used as your own CA to sign the server cert), you should only need to
trust one of the top level CA or your in-house CA. That said, if you hit
problems doing it, try adding the second CA certificate as a trusted
CA, and it might go away. In that eventuality, also submit a bug report to
the OpenSSL team - you should only have to trust one of the certificates on
the signing chain to trust the end certificate.
For pine to do SSL IMAP, you will need to explicitly point it at the
IMAPS service (port 993 not port 143). TLS IMAP is different, as the
encryption is activated over a normal IMAP session if both parties
support it. With TLS IMAP, your client will connect to the standard
port (143).
This may mean that on a mail server / client upgrade, your session will
transparently become TLS instead of clear text.
To force SSL (not advised unless your server only does SSL and not TLS), add /ssl/ to your imap path. To force TLS, add /tls/ to your imap path. Without either of these, pine will talk clear imap to the server, but try to negotiate up to TLS if supported by the server.
Some examples:
pine -inbox-path="imap.mycompany.com/" - clear text unless TLS is
supported by the server, in which case TLS used
pine -inbox-path="imap.mycompany.com/ssl" - SSL connection or die
trying, won't be able to do TLS though
pine -inbox-path="imap.mycompany.com/tls" - TLS connection or die
trying
For a fuller guide to pine and SSL, see the INCLUDING SSL section of the pine readme.
There was a failure validating the SSL/TLS certificate for the server
magd1113.herald.ox.ac.uk
The reason for the failure was
unable to get local issuer certificate (details)
We have not verified the identity of your server. If you ignore this
certificate validation problem and continue, you could end up connecting
to an imposter server.
If the certificate validation failure was expected and permanent you may
avoid seeing this warning message in the future by adding the option
/novalidate-cert
Firstly, check that you have installed your personal certificate correctly into the OpenSSL framework.
The patch to enable SMIME support in pine is currently produced by Thorsten Glaser. Currently, new versions are posted to comp.mail.pine, and are also posted at http://mitglied.lycos.de/tygs/pub/. At the time of writing, you need both pine.smime and pine.smime.init, with the documentation in pine.smime
There is also a new patch from Martin Kouril, which integrates further into pine (such as a new SMIME option in the configuration section). This can be found at http://coud.czweb.org/w.html.
You will need an OpenSSL enabled version of mutt. To check, run mutt -v and check +USE_SSL is listed.
If the server supports TLS, an imap:// mailbox spec will cause the session to be negotiated up to TLS Imap. To force SSL, change your imap spec to imaps:// from imap://. To force TLS, you will need to set the configuration value ssl_use_tlsv1
If in doubt, you should find README.SSL in most mutt distributions. Go look at this.
This work is licensed under a
Creative
Commons License.