<div dir="ltr">Hi all,<div><br></div><div>I'm having issues with offlineimap on a BSD system.</div><div><br></div><div>Premise: I copied my (working) offlineimap from my OSX machine to a newly installed openBSD. After some fiddling I got it to work yesterday. In a nutshell, these are the relevant lines that I changed in the config file:<br>
<div><br></div><div>[...]</div><div><div><div>type = Gmail</div><div>ssl=yes</div><div>#sslcacertfile=~/Mail/certs.pem</div><div>sslcacertfile=/etc/ssl/cert.pem<br></div><div>cert_fingerprint=89091347184d41768bfc0da9fad94bfe882dd358</div>
</div></div><div><br></div><div>Basically, on OSX I had to download the certificates locally (into ~/Mail/certs.pem) for host verification as I could not [be bothered to] find the host-wide SSL certificates. On the BSD system I used the system-wide installed certificates, but I had to specify a fingerprint. The uncommented lines show my progress in this direction.</div>
<div><br></div><div>Today, without touching the configuration, I got the following error:</div><div><br></div><div><div>ERROR: Unknown SSL protocol connecting to host '<a href="http://imap.gmail.com">imap.gmail.com</a>' forrepository 'XXX-remote'. OpenSSL responded:</div>
<div>[Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed</div><div>ERROR: While attempting to sync account 'XXX'</div><div> Prompting for a password is not supported in this UI backend.</div>
<div><br></div><div>After a random interval (minutes, in the order of 10-20) I tried again and this time it worked fine. I can't pinpoint the exact problem: seems like a SSL issue, but I don't understand why it fails asking for a password. I doubt anyone is playing man-in-the-middle, but one of the earlier fault I did not capture was a complain that the fingerprint does not match the certificate.</div>
<div><br></div><div>There is one further piece to the puzzle: since I did not want to put my password in cleartext, I saved the 'application' password for my gmail account in a GPG-encrypted file and I wrote a python wrapper to load it from offlineimap. I'll be more than happy to share the code if anyone is interested.</div>
<div><br></div><div>Nevertheless, what I found puzzling is that when everything works, I am asked the GPG password. Otherwise, it fails with a SSL error. My gut feeling is that there is some sort of random SSL timeout that prevents offlineimap from invoking the python wrapper. But I'm new here, hence my ask for help.</div>
<div><br></div><div>My best regards, </div><div><br></div><div>Lorenzo</div><div><br></div>-- <br><div dir="ltr">:Lorenzo Grespan</div>
</div></div></div>