SSL certificate setup

Sebastian Spaeth Sebastian at sspaeth.de
Thu Jan 6 10:29:46 UTC 2011


On Thu, 6 Jan 2011 01:28:08 +0800, h2oz7v <h2oz7v at gmail.com> wrote:
> On Thu, Jan 6, 2011 at 12:28 AM, Sebastian Spaeth <Sebastian at sspaeth.de> wrote:
> > It belongs in the [Repository ...] section, this is what mine looks
> > like:
> 
> Thanks. Could we also have it as a general property? Would save some verbosity.

That would certainly be good. Having that as a [general] entry which can
be overridden by entries in the specific [Repository xxx] section.
 
> The typo in the [example config][1] also threw me off:
>     s/sslcacertcertfile/sslcacertfile/

Ooops, that is my bad and I will send a patch that fixes that.
 
> Also, could you help with this error:
> > WARNING: Error occured attempting to sync account cath: SSL Certificate host name mismatch: certificate is for outlook.com
> Relevant part of config:
> 
>     [Repository cath-remote]
>     type = IMAP
>     remotehost = pod51002.outlook.com
> 
> Seems to fail because the host is a sub-domain.

Right, that is an error because the certificate is for outlook.com and
you want to connect to a subdomain. So it rightly fails.

So technically speaking, you do not have a valid CA cert :). (My
dreamhost provided cert covers e.g. *.mail.dreamhost which works
fine). What we would need to do is to provide a configure option to
accept a cacert even if the hostname doesn't match, I guess. The best
way to handle this should be discussed and agreed on first though.

You can comment out the hostname check for now.

In imaplibutil.py, line 139, remove/comment out these 4 lines:

        else:
            error = self._verifycert(self.sslobj.getpeercert(), host)
            if error:
                raise ssl.SSLError("SSL Certificate host name mismatch: %s" % error)

Sebastian

P.S. The archive is not showing the 6 mails that I sent to the list
yesterday while they certainly go out in general. Is that a problem with
the archive (gmane is also not showing things), or is the list broken?
http://lists.alioth.debian.org/pipermail/offlineimap-project/2011-January/
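
Why the check discussed in this message rejects pod51002.outlook.com while a wildcard certificate passes, as an added example (not part of the original message and not OfflineIMAP's own code). It is a minimal hostname matcher using the usual wildcard rules; the function names and the example.com names are assumptions made for illustration.

```python
# Added illustration; not OfflineIMAP's _verifycert. Function names are hypothetical.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, host):
    """True if one certificate DNS name covers host.

    A wildcard is honoured only as the whole left-most label and stands
    for exactly one label, so it never covers the bare parent domain or
    a deeper sub-domain.
    """
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard ("*.com" is refused).
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h


def check_host(cert_names, host):
    """Return None when some name covers host, else an error string."""
    if any(name_matches(n, host) for n in cert_names):
        return None
    return "certificate is for %s" % ", ".join(cert_names)


if __name__ == "__main__":
    # Case from the thread: the certificate names outlook.com only.
    print(check_host(["outlook.com"], "pod51002.outlook.com"))
    # Constructed names: a wildcard covers one label below its parent.
    print(check_host(["*.mail.example.com"], "imap.mail.example.com"))
    print(check_host(["*.mail.example.com"], "mail.example.com"))
    print(check_host(["*.mail.example.com"], "a.b.mail.example.com"))
```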