OSX sslcacertfile and GMail (Basic help)

Rainer M Krug Rainer at krugs.de
Mon May 18 08:56:17 BST 2015


"M. Henry Linder" <mhlinder at gmail.com> writes:

> Lucien
>
> Thanks for the response. OpenSSL wasn’t doing The Right Thing, and a
> variety of other fixes weren’t working either—various certs downloaded
> offline, etc.
>
> What ended up working was just dumping all the Keychain System Roots
> certs to a PEM file
> (http://stackoverflow.com/questions/24675167/ca-certificates-mac-os-x
> <http://stackoverflow.com/questions/24675167/ca-certificates-mac-os-x>),
> which feels a bit hacky but at least works

I did exactly the same, and I agree it feels hacky.

I have no idea about python, but wouldn't it be possible that
offlineimap could directly read the certificate from the keychain if
told to do so? This would be very helpful (and presumably safer -
consider updates of the certificates!)

Cheers,

Rainer

>
> Thanks for the help again.
>
> Henry
>
>> On May 17, 2015, at 4:13 AM, Lucien Pullen <drurowin at gmail.com> wrote:
>> 
>> Also sprach M. Henry Linder on 2015-05-16:
>>> I’m on OS X, with offlineimap and openssl installed through homebrew. I can’t for the life of me
>>> find a CA certfile or PEM file that Gmail will accept. It seems that I may need to generate a
>>> certfile from the keychain; how might I do that?
>> 
>> I only use the keychain to store the password.  For the certificate, I'm
>> using cert.pem from MacPorts' curl-ca-bundle package.
>> 
>> From the Homebrew commit history
>> <https://github.com/Homebrew/homebrew/commit/ab926db10c47352b38e114d0945ac1c0596eef74>
>> they seem to have deprecated curl-ca-bundle in favor of a certificate
>> file generated from the keychain, though, since I don't use Homebrew, I
>> don't know if there's a One Big PEM option still.
>> 
>> Have you tried leaving off the sslcacertfile option and seeing if
>> offlineimap calls openssl to just do The Right Thing, since Gmail only
>> accepts connections over SSL?
>> 
>> _______________________________________________
>> OfflineIMAP-project mailing list: OfflineIMAP-project at lists.alioth.debian.org
>> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/offlineimap-project
>> 
>> OfflineIMAP homepages:
>> - https://github.com/OfflineIMAP
>> - http://offlineimap.org
>
> _______________________________________________
> OfflineIMAP-project mailing list: OfflineIMAP-project at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/offlineimap-project
>
> OfflineIMAP homepages:
> - https://github.com/OfflineIMAP
> - http://offlineimap.org

-- 
Rainer M. Krug
email: Rainer<at>krugs<dot>de
PGP: 0x0F52F982
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 494 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/offlineimap-project/attachments/20150518/9effae5b/attachment-0003.sig>


More information about the OfflineIMAP-project mailing list