offlineimap, OSX, SSL3_GET_SERVER_CERTIFICATE and the cert_fingerprint?
boite.pour.spam at gmail.com
Fri Feb 1 08:41:12 GMT 2013
Please try my 'next' branch (from here:
https://github.com/X-Ryl669/offlineimap/tree/next ) and check if it works
I've merged a patch that was related to SSLv3, so please report if it
worked better for you.
On Thu, Jan 31, 2013 at 10:24 PM, Johannes Kastl <mail at ojkastl.de> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 1/31/13 12:46 PM X Ryl wrote:
> > If you run offlineimap with no UI, then it'll print your server
> > fingerprint to stdout.
> > If you're paranoid, run it from a different IP to check if you
> > still get the same fingerprint. Then copy and paste the fingerprint
> > inside your .rc file, so you tell OI that you allow it to accept
> > this server.
> I got it to work, but its still somehow cheesy.
> Is the fingerprint somehow included in the server certificate? Or is
> it listed on the issuers database somewhere?
> > To avoid MITM, there is no complete solution, but basically, if you
> > connect from numerous (unrelated) place to the same server and
> > still get the same fingerprint, then you're almost sure you're
> > contacting the right server (unless the MITM is just before the
> > server, but then you can't do anything)..
> > If you're using SSH, you already know that, it's the same security
> > as with the known_host file.
> I was hoping you would say something different, but I guessed it would
> work like ssh with known_host.
> Good enough for now, I guess.
> Thanks for your reply.
> Still, the SSL3_GET_SERVER_CERTIFICATE error is not yet fixed?
> - --
> Why is it that New Jersey got all the toxic waste dumps and California
> got all the lawyers?
> New Jersey had first choice.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.13 (Darwin)
> Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/
> -----END PGP SIGNATURE-----
> OfflineIMAP-project mailing list
> OfflineIMAP-project at lists.alioth.debian.org
> OfflineIMAP homepage: http://software.complete.org/offlineimap
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OfflineIMAP-project