offlineimap, OSX, SSL3_GET_SERVER_CERTIFICATE and the cert_fingerprint?
X Ryl
boite.pour.spam at gmail.com
Fri Feb 1 08:41:12 GMT 2013
Please try my 'next' branch (from here:
https://github.com/X-Ryl669/offlineimap/tree/next ) and check if it works
for you.
I've merged a patch that was related to SSLv3, so please report if it
worked better for you.
Best regards,
Cyril
On Thu, Jan 31, 2013 at 10:24 PM, Johannes Kastl <mail at ojkastl.de> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 1/31/13 12:46 PM X Ryl wrote:
> > If you run offlineimap with no UI, then it'll print your server
> > fingerprint to stdout.
>
> OK.
>
> > If you're paranoid, run it from a different IP to check if you
> > still get the same fingerprint. Then copy and paste the fingerprint
> > inside your .rc file, so you tell OI that you allow it to accept
> > this server.
>
> I got it to work, but its still somehow cheesy.
>
> Is the fingerprint somehow included in the server certificate? Or is
> it listed on the issuers database somewhere?
>
> > To avoid MITM, there is no complete solution, but basically, if you
> > connect from numerous (unrelated) place to the same server and
> > still get the same fingerprint, then you're almost sure you're
> > contacting the right server (unless the MITM is just before the
> > server, but then you can't do anything)..
> >
> > If you're using SSH, you already know that, it's the same security
> > as with the known_host file.
>
> I was hoping you would say something different, but I guessed it would
> work like ssh with known_host.
>
> Good enough for now, I guess.
>
> Thanks for your reply.
>
> Still, the SSL3_GET_SERVER_CERTIFICATE error is not yet fixed?
>
> Regards,
> Johannes
> - --
> Why is it that New Jersey got all the toxic waste dumps and California
> got all the lawyers?
> New Jersey had first choice.
> (unknown)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.13 (Darwin)
> Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/
>
> iEYEARECAAYFAlEK4SAACgkQzi3gQ/xETbIWVQCeO4tWixiBwDspC5SudilBuJ55
> DJIAn3Zwy9yQBLTVTHa+5E8ZUikdjM8a
> =m/V8
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> OfflineIMAP-project mailing list
> OfflineIMAP-project at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/offlineimap-project
>
> OfflineIMAP homepage: http://software.complete.org/offlineimap
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/offlineimap-project/attachments/20130201/402d7f5c/attachment-0002.html>
More information about the OfflineIMAP-project
mailing list