<DKIM> Cannot use offlineimap with gmail

Sridhar M. A. alaymari at gmail.com
Mon May 1 12:26:33 BST 2017


On Sat, Apr 29, 2017 at 02:05:47PM +0200, Nicolas Sebrecht wrote:
   > 
   > You should either use fingerprint or sslcacertfile but not both.
   > 
Sorry for the delay in posting. Here is the output using

fingerprint only:
Account sync xx:
 *** Processing account xx
 Establishing connection to imap.gmail.com:993 (masphys-remote)
 ERROR: Server SSL fingerprint 'cc64f9a1815c618562b8f4962d2b353bb7a57852' for hostname 'imap.gmail.com' does not match configured fingerprint(s) ['f3043dd689a2e7dddfbef82703a6c65ea9b634c1'].  Please verify and set 'cert_fingerprint' accordingly if not set yet.
 *** Finished account 'xx' in 0:00
ERROR: Exceptions occurred during the run!
ERROR: Server SSL fingerprint 'cc64f9a1815c618562b8f4962d2b353bb7a57852' for hostname 'imap.gmail.com' does not match configured fingerprint(s) ['f3043dd689a2e7dddfbef82703a6c65ea9b634c1'].  Please verify and set 'cert_fingerprint' accordingly if not set yet.


cert only:
Account sync xx:
 *** Processing account xx
 Establishing connection to imap.gmail.com:993 (masphys-remote)
 ERROR: Unknown SSL protocol connecting to host 'imap.gmail.com' for repository 'masphys-remote'. OpenSSL responded:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)
 *** Finished account 'xx' in 0:00
ERROR: Exceptions occurred during the run!
ERROR: Unknown SSL protocol connecting to host 'imap.gmail.com' for repository 'masphys-remote'. OpenSSL responded:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)

   > You might like to manually check your CA cert file like this:
   > 
   >   http://www.offlineimap.org/doc/FAQ.html#checking-the-ssl-certificate
   > 
$ openssl s_client -showcerts -connect imap.gmail.com:993
CONNECTED(00000003)
depth=1 C = GB, ST = Oxfordshire, O = Sophos, OU = NSG, CN = Sophos SSL CA_C44315332603-JSSZTA, emailAddress = support at sophos.com
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
   i:/C=GB/ST=Oxfordshire/O=Sophos/OU=NSG/CN=Sophos SSL CA_C44315332603-JSSZTA/emailAddress=support at sophos.com
-----BEGIN CERTIFICATE-----
MIIDLDCCAhSgAwIBAgIEBpx/aDANBgkqhkiG9w0BAQUFADCBkTELMAkGA1UEBhMC
R0IxFDASBgNVBAgMC094Zm9yZHNoaXJlMQ8wDQYDVQQKDAZTb3Bob3MxDDAKBgNV
BAsMA05TRzEqMCgGA1UEAwwhU29waG9zIFNTTCBDQV9DNDQzMTUzMzI2MDMtSlNT
WlRBMSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QHNvcGhvcy5jb20wHhcNMTcwNDIx
MDg0OTEzWhcNMTcwNzE0MDgyNjAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwK
Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29v
Z2xlIEluYzEXMBUGA1UEAwwOaW1hcC5nbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEB
BQADgY0AMIGJAoGBAL2ol6Iy+Ai8KgNWaI4MhO7XaDPRJ/5qtOk6J6Q7BFuncfD0
ZtQUoBx0gLA1WOHKPMJm9oMdJjrtFtcAE/ssYKYNB+QnFuntLhZepIz5p1ceWB+w
+OfktbNaRW5RRBkrXlCQoUBBwW+MWiKQgXorMTO41nYeelcYWJU6tmPIYAaHAgMB
AAGjODA2MAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgXgMBkGA1UdEQQSMBCCDmlt
YXAuZ21haWwuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCLOWT8u2VwIxAGxrgbgd/R
udT+RYQuOjKUGh0hkPtOR5RiTZyUI/HpQXvs4+978g8HrO8H63fVkeagjHNYm1hV
Z7wB7IwNxxqJ6ZVs2ve2rlSxoGyg2q/kkwKzGr8bhwp8VmhZDmfjQ1787OpGCQ1m
ZBz5EJtjWjjtdurBe+sr0FeJYpBaAIIC8Kje7fe4GUEcj9iRTXSguthetfOt7Awl
4FZ+SYcHuvELJBoYlflYVSD51/GjuGyAHHkDGTZLtJixzfgW8Nx8nCteSJQigcYn
P0DWY2qi+qDcHsER9paSMbMYR/e9ab0Ykb2R/+8XYrQVDQM/0OFcuv3CvVOIJ48f
-----END CERTIFICATE-----
 1 s:/C=GB/ST=Oxfordshire/O=Sophos/OU=NSG/CN=Sophos SSL CA_C44315332603-JSSZTA/emailAddress=support at sophos.com
   i:/C=GB/ST=Oxfordshire/O=Sophos/OU=NSG/CN=Sophos SSL CA_C44315332603-JSSZTA/emailAddress=support at sophos.com
-----BEGIN CERTIFICATE-----
MIIElTCCA32gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBkTELMAkGA1UEBhMCR0Ix
FDASBgNVBAgMC094Zm9yZHNoaXJlMQ8wDQYDVQQKDAZTb3Bob3MxDDAKBgNVBAsM
A05TRzEqMCgGA1UEAwwhU29waG9zIFNTTCBDQV9DNDQzMTUzMzI2MDMtSlNTWlRB
MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QHNvcGhvcy5jb20wIhgPMjAxNTA4MDEw
MDAwMDBaGA8yMDM2MTIzMTIzNTk1OVowgZExCzAJBgNVBAYTAkdCMRQwEgYDVQQI
DAtPeGZvcmRzaGlyZTEPMA0GA1UECgwGU29waG9zMQwwCgYDVQQLDANOU0cxKjAo
BgNVBAMMIVNvcGhvcyBTU0wgQ0FfQzQ0MzE1MzMyNjAzLUpTU1pUQTEhMB8GCSqG
SIb3DQEJARYSc3VwcG9ydEBzb3Bob3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAxxdnOnCkoi0wjPgR3zQQa5tXi2CTXo04qoy5PJ5M69xF7sa4
LgSpFFMHs8NoVGv+Z+RBvV2ExjGr+2Fdgzt0LG0Y0J3jpD1NX7x5o5WhC0w/J7eY
0jm1JA/9wcWUCZbmo9Q0/fy+dhr35Zs1QTGW1ehLGUH5nPsuUp/0aDorDBJ3/1Mj
iy58k5YRppC92A6Ha/hRk5/N5DnOEOVW29kFBqV56RrZ+D27iaub33szPuPOhQ0B
o2i0mhSDlQGJhIKkfkxdTVlrsarIpDfUEU/eE+eBWj2U2SEDkJclr7GIDx6LGZBK
00r9aSz8M/g+YNzgxJkJ8FJKFwFF51+RIv/pVQIDAQABo4HxMIHuMB0GA1UdDgQW
BBSQqff2qm+621FXBvvAXtMxeOZkYzCBvgYDVR0jBIG2MIGzgBSQqff2qm+621FX
BvvAXtMxeOZkY6GBl6SBlDCBkTELMAkGA1UEBhMCR0IxFDASBgNVBAgMC094Zm9y
ZHNoaXJlMQ8wDQYDVQQKDAZTb3Bob3MxDDAKBgNVBAsMA05TRzEqMCgGA1UEAwwh
U29waG9zIFNTTCBDQV9DNDQzMTUzMzI2MDMtSlNTWlRBMSEwHwYJKoZIhvcNAQkB
FhJzdXBwb3J0QHNvcGhvcy5jb22CAQEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
AQUFAAOCAQEAtfg/XN1IOWNrxrAZVZA6wArSmYzmp5LJf12dne9E7GH+wkYmlUfH
U2cS2Jfrm9NUKoMk22iZ0WeoUStsZAnsnxHfrVIvND7gnE3O3rc5OTSGuPn1z6y7
LtjQUIQ91MThS1R3ubZeRUw0tGlCvlrTTnigimmPnWt6NUFH0ciyJ4ryPuhL3bTo
8FsC1YkwqL3pG5AdtTCCjCJwqPEk5g6RcKapp5RcKrfkfuZH+5EirPgTUz8eCyC1
uKXqM8M5OUvE8RaR+dxuYVd0CqqPov4GFg/cZ7CVp0doXoJaMfAGNSl5QoQIsYGI
cGvPsDY9OdTtClKsGIXPC6Aha8pljuKbWQ==
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
issuer=/C=GB/ST=Oxfordshire/O=Sophos/OU=NSG/CN=Sophos SSL CA_C44315332603-JSSZTA/emailAddress=support at sophos.com
---
No client certificate CA names sent
---
SSL handshake has read 2328 bytes and written 390 bytes
Verification error: self signed certificate in certificate chain
---
New, SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-SHA
    Session-ID: 4E973E14E886D9325F006C4B7BACF4180BB0B66971F15F7BEC8B774578E6B7D1
    Session-ID-ctx: 
    Master-Key: 1D63C9E2CF37C0B51958F82A44E92AC5EAC29456A7E682E761894875AFAE5A05596378C1E5A71E1E59DE623FCCD5CE43
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - f3 df c5 be e6 51 58 bf-29 69 cb 7c 07 bd 2c e1   .....QX.)i.|..,.
    0010 - db ac 7c fb d7 cf 05 1b-f4 29 80 c7 4a ef db 11   ..|......)..J...
    0020 - 9b f1 10 e7 55 66 d9 58-a0 fd 85 04 c0 7f b0 78   ....Uf.X.......x
    0030 - 2f 77 f2 d8 46 ab dc a9-8e af 77 68 a2 66 b7 f0   /w..F.....wh.f..
    0040 - 4c ad 79 c9 8f c8 3a 2b-a4 13 4e 81 6a 40 49 17   L.y...:+..N.j at I.
    0050 - 6a 5d d9 03 ef 16 84 73-79 b3 b3 1c 49 d5 92 f6   j].....sy...I...
    0060 - 85 88 ad 5c f2 e8 91 e0-dc d2 f2 43 90 c4 22 8f   ...\.......C..".
    0070 - 77 e9 f9 59 33 99 57 11-b0 34 f6 c1 e5 3d a3 d2   w..Y3.W..4...=..
    0080 - 1e c7 62 ad af 87 83 04-6f a6 29 31 f0 f4 61 da   ..b.....o.)1..a.
    0090 - 72 e6 65 55 b5 ae dc b6-50 17 9b f0 e1 9b a4 6b   r.eU....P......k

    Start Time: 1493619375
    Timeout   : 7200 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
    Extended master secret: no
---
* OK Gimap ready for requests from 14.139.155.135 ul17mb220053154obc
^C

Regards.

-- 
Sridhar M. A.

Sorry.  Nice try.




More information about the OfflineIMAP-project mailing list