Configuring offlineimap for gmail: SSL error

19

1

I'm trying to configure offlineimap to download my gmail but am getting the error:

OfflineIMAP 6.5.7
  Licensed under the GNU GPL v2 or any later version (with an OpenSSL exception)
Account sync Gmail:
 *** Processing account Gmail
 Establishing connection to imap.gmail.com:993
 ERROR: No CA certificates and no server fingerprints configured.  You must configure at least something, otherwise having SSL helps nothing.
 *** Finished account 'Gmail' in 0:00
ERROR: Exceptions occurred during the run!
ERROR: No CA certificates and no server fingerprints configured.  You must configure at least something, otherwise having SSL helps nothing.

Traceback:
  File "/usr/lib/python2.7/site-packages/offlineimap/accounts.py", line 263, in syncrunner
    self.__sync()
  File "/usr/lib/python2.7/site-packages/offlineimap/accounts.py", line 326, in __sync
    remoterepos.getfolders()
  File "/usr/lib/python2.7/site-packages/offlineimap/repository/IMAP.py", line 351, in getfolders
    imapobj = self.imapserver.acquireconnection()
  File "/usr/lib/python2.7/site-packages/offlineimap/imapserver.py", line 439, in acquireconnection
    use_socket=self.proxied_socket,
  File "/usr/lib/python2.7/site-packages/offlineimap/imaplibutil.py", line 186, in __init__
    super(WrappedIMAP4_SSL, self).__init__(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/offlineimap/imaplib2.py", line 2063, in __init__
    IMAP4.__init__(self, host, port, debug, debug_file, identifier, timeout, debug_buf_lvl)
  File "/usr/lib/python2.7/site-packages/offlineimap/imaplib2.py", line 344, in __init__
    self.open(host, port)
  File "/usr/lib/python2.7/site-packages/offlineimap/imaplibutil.py", line 193, in open
    "having SSL helps nothing.", OfflineImapError.ERROR.REPO)

My .offlineimaprc is:

[general]
accounts = Gmail
maxsyncaccounts = 3
sslcacertfile = /etc/ssl/certs/ca-certificates.crt

[Account Gmail]
localrepository = Local
remoterepository = Remote

[Repository Local]
type = Maildir
localfolders = ~/mail

[Repository Remote]
type = IMAP
remotehost = imap.gmail.com
remoteuser = wdrnls@gmail.com
remotepass = Secret
ssl = yes
maxconnections = 3
realdelete = no

I am specifying where my certs are. Why is it still erroring out?

wdkrnls

Posted 2015-06-14T01:35:25.293

Reputation: 924

Answers

33

Put entry:

sslcacertfile = /etc/ssl/certs/ca-certificates.crt

In section:

[Repository Remote]

Lukasz

Posted 2015-06-14T01:35:25.293

Reputation: 446

I needed /etc/ssl/certs/ca-bundle.crt for CentOS 6. – Hut8 – 2015-11-08T00:31:59.027

4

For OSX use: sslcacertfile = /usr/local/etc/openssl/cert.pem (found at http://rudolfochrist.github.io/blog/2015/03/21/offlineimap-with-ssl-files-on-osx/)

– AlexG – 2017-01-14T00:48:34.083

2

For FreeBSD install the port security/ca_root_nss

and then add

sslcacertfile = /usr/local/share/certs/ca-root-nss.crt

Peter Smith

Posted 2015-06-14T01:35:25.293

Reputation: 21

Asked: 2015-06-14T01:35:25.293

Viewed: 10 338 times

Active: 2017-05-08T08:36:52.707