OSX sslcacertfile and GMail (Basic help)
Rainer M Krug
Rainer at krugs.de
Tue May 19 08:02:08 BST 2015
Lucien Pullen <drurowin at gmail.com> writes:
> Also sprach chris coleman on 2015-05-18:
>> There should be a standard method to get OpenSSL to download and use
>> the current full set of public root CA certs !
>
> I noticed that the certificate you get by connecting to Gmail tells
> where to get its CA from. Got distracted after dinner instead of
> writing a routine to do the fetch in an automated fashion.
>
> The only thing I noticed is that GIAG2.crt is (at least until January 1,
> 2017) DER format, and OpenSSL is too dumb to convert it to PEM format
> itself. Luckily, if you know what input format it is, you can tell
> OpenSSL to convert it yourself. {{eyeroll}}
>
> I've got code working to create a PEM file from the keychain that
> specializes getsslcacertfile() for Gmail IMAP on Darwin. Perhaps we
> should cache the fetch of GIAG2.crt into the keychain (which also solves
> OpenSSL not being able to use DER)?

I don't have much knowledge of all these security issues, but as far as
I know, the certificates are already in the keychain? Or are they there
because they have been downloaded by the Safari browser before?

Rainer

> Not as great as OpenSSL being fixed to do this itself (The Right
> Thing), but should work in the meanwhile.
--
Rainer M. Krug
email: Rainer<at>krugs<dot>de
PGP: 0x0F52F982
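
The DER-to-PEM step discussed in the quoted message, as an added example that is not part of the original thread or of OfflineIMAP's code: it accepts a certificate in either encoding, checks that the outer DER length matches the file size, and emits PEM. The names `cert_to_pem`, `der_total_length` and `SAMPLE_DER` are hypothetical, and the sample bytes are constructed framing only, not a real certificate.

```python
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

# Constructed sample: valid outer DER framing (SEQUENCE, 256-byte body)
# around zero bytes. It is NOT a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)


def der_total_length(data: bytes) -> int:
    """Return the full encoded size announced by the outer DER SEQUENCE."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = data[1]
    if first < 0x80:  # short form: the byte is the body length
        return 2 + first
    n = first & 0x7F  # long form: the next n bytes hold the body length
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def cert_to_pem(data: bytes) -> str:
    """Normalise one certificate, given as PEM or DER bytes, to PEM text."""
    if data.lstrip().startswith(PEM_HEADER):
        der = ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    else:
        der = data
    # Reject truncated downloads or trailing junk before trusting the file.
    if der_total_length(der) != len(der):
        raise ValueError("certificate length does not match its DER header")
    return ssl.DER_cert_to_PEM_cert(der)


if __name__ == "__main__":
    print(cert_to_pem(SAMPLE_DER))
```

The PEM text returned here can be appended to the bundle that `sslcacertfile` points to; the check covers encoding and framing only and does not validate the certificate chain.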