I narrowed it down to a lack of certificates in
/etc/ssl/cert.pem.
I tried to append the mail.centurylink.net certificate to the
/etc/ssl/cert.pem without success but remembered a Gentoo
wiki where individual certificates were concatenated into a single cert.pem file.
Quote:
CA Certificate Files
This approach uses CA certificate files, which are stored in the /etc/ssl/certs/ directory. As WebKit only supports a single PEM file, one can simply concatenate all separate files into a single one with the following command:
user $cd /etc/ssl/certs/ && for i in `ls`; do cat $i >> ~/.xombrero/cert.pem; done
|
.
I generated the cert.pem file on a Debian 8 system, renamed the
/etc/ssl/cert.pem and copied the Debian certificate file from a usb thumb drive.
My alpine email client now works with centurylink tls/ssl but I feel like it was overkill. The Debian based cert.pem is 5x larger
Code:
Heffalump# ls -al
total 2580
drwxr-xr-x 4 root wheel 512 Sep 21 18:55 .
drwxr-xr-x 39 root wheel 2048 Sep 21 13:14 ..
-r--r--r-- 1 root bin 1097360 Sep 21 18:54 cert.pem
-r--r--r-- 1 root bin 189049 Sep 21 16:27 cert_bu
-rw-r--r-- 1 root wheel 2669 Jul 26 11:47 ikeca.cnf
drwxr-xr-x 2 root wheel 512 Jul 26 11:47 lib
-r--r--r-- 1 root bin 745 Jul 26 11:47 openssl.cnf
drwx------ 2 root wheel 512 Jul 26 11:47 private
-r--r--r-- 1 root bin 1006 Jul 26 11:47 x509v3.cnf
It would have been nice to just add the certificates for my email provider.