Weird ssl error - sync working ~10% of the time
Jan Frederick Eick
j.f.eick at gmx.de
Sat Oct 13 19:45:19 BST 2012
Hi there!
This is my last hope, I'm having trouble configuring my university
account for a more than a week.
The relevant section of my .offlineimaprc is:
[Repository Uni-Remote]
remotehost = mailgate.uni-weimar.de
port = 993
ssl = true
sslcacertfile = ~/.cert/cert.pem
cert_fingerprint = 5489eefeb62...
remoteuser = User
remotepass = Pass
realdelete = no
maxconnection = 1
---
I can't really remember when or where I found out the cert_fingerprint, but it doesn't matter if I include it in my .offlineimaprc or not, the result is the same. I generated ~/.cert/cert.pem by myself, cat'ing all required pems for the cert chain (including the root ca which is located in /etc/ssl/certs). Syncing my account only works in about 10% of the time.
Mostly I get this:
$ offlineimap -u ttyui -a Uni -d all
OfflineIMAP 6.5.4
Licensed under the GNU GPL v2+ (v2 or any later version)
Now debugging for imap: IMAP protocol debugging
Now debugging for maildir: Maildir repository debugging
Now debugging for thread: Threading debugging
Now debugging for : Other offlineimap related sync messages
Account sync Uni:
[thread]: Register new thread 'Account sync Uni' (account 'Uni')
[maildir]: MaildirRepository initialized, sep is '.'
*** Processing account Uni
Establishing connection to mailgate.uni-weimar.de:993
[imap]: 41:16.14 Account sync Uni imaplib2 version 2.33
[imap]: 41:16.14 Account sync Uni imaplib2 debug level 5, buffer level 3
ERROR: Unknown SSL protocol connecting to host 'mailgate.uni-weimar.de' forrepository 'Uni-Remote'. OpenSSL responded:
[Errno 1] _ssl.c:504: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac
[' File "/usr/lib/python2.7/site-packages/offlineimap/accounts.py", line 234, in syncrunner\n self.sync()\n', ' File "/usr/lib/python2.7/site-packages/offlineimap/accounts.py", line 290, in sync\n remoterepos.getfolders()\n', ' File "/usr/lib/python2.7/site-packages/offlineimap/repository/IMAP.py", line 268, in getfolders\n imapobj = self.imapserver.acquireconnection()\n', ' File "/usr/lib/python2.7/site-packages/offlineimap/imapserver.py", line 333, in acquireconnection\n raise OfflineImapError(reason, severity)\n']
*** Finished account 'Uni' in 0:00
[thread]: Unregister thread 'Account sync Uni'
ERROR: Exceptions occurred during the run!
ERROR: Unknown SSL protocol connecting to host 'mailgate.uni-weimar.de' forrepository 'Uni-Remote'. OpenSSL responded:
[Errno 1] _ssl.c:504: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac
Traceback:
File "/usr/lib/python2.7/site-packages/offlineimap/accounts.py", line 234, in syncrunner
self.sync()
File "/usr/lib/python2.7/site-packages/offlineimap/accounts.py", line 290, in sync
remoterepos.getfolders()
File "/usr/lib/python2.7/site-packages/offlineimap/repository/IMAP.py", line 268, in getfolders
imapobj = self.imapserver.acquireconnection()
File "/usr/lib/python2.7/site-packages/offlineimap/imapserver.py", line 333, in acquireconnection
raise OfflineImapError(reason, severity)
-----
I'm very sure the cert-file is right - because running
openssl s_client -connect mailgate.uni-weimar.de:993 -CAfile ~/.cert/cert.pem gives me:
[...]
SSL-Session:
[...]
Compression: 1 (zlib compression)
Start Time: 1350153781
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
Can someone give me hint what's wrong with my setup?
Or any hint how I could further debug this issue?
More information about the OfflineIMAP-project
mailing list