You are not logged in.
- Topics: Active | Unanswered
#1 2018-09-15 07:44:37
- woodape
- Member
- Registered: 2015-03-25
- Posts: 159
[SOLVED] SSL Error - self signed certificate
After the following upgrade:
[2018-09-14 15:54] [ALPM] upgraded openssl (1.1.0.i-1 -> 1.1.1-1)Offlineimap stopped being able to connect to imap.gmail.com, with complaints about the SSL certificate. I tried installing isync and got:
SSL error connecting imap.gmail.com (64.233.166.108:993): self signed certificateAfter downgrading the openssl package back down to 1.1.0.i-1 I was able to connect again.
Is it a security risk if I keep the downgraded openssl? Is this something Google needs to update, or does the new openssl package need some kind of fix?
Last edited by woodape (2018-09-16 05:55:16)
Offline
#2 2018-09-15 11:01:02
- loqs
- Member
- Registered: 2014-03-06
- Posts: 18,122
Re: [SOLVED] SSL Error - self signed certificate
https://bugs.archlinux.org/task/60059
offlineimap does not support SNI which is required by gmail for TLS 1.3
Edit:
isync same issue should be fixed by https://sourceforge.net/p/isync/isync/c … 5790c05d27
Last edited by loqs (2018-09-15 11:05:53)
Offline
#3 2018-09-15 18:58:54
- jasonwryan
- Anarchist
- From: .nz
- Registered: 2009-05-09
- Posts: 30,424
- Website
Re: [SOLVED] SSL Error - self signed certificate
Another workaround is to replace sslcacertfile with cert_fingerprint.
Offline
#4 2018-09-15 19:26:11
- firecat53
- Member
- From: Lake Stevens, WA, USA
- Registered: 2007-05-14
- Posts: 1,542
- Website
Re: [SOLVED] SSL Error - self signed certificate
I worked around this for now by adding
SSLVersions TLSv1.1to my .mbsyncrc for each IMAP account.
Edit: I keep using Markdown syntax!
Last edited by firecat53 (2018-09-15 19:26:49)
Offline
#5 2018-09-16 05:54:56
- woodape
- Member
- Registered: 2015-03-25
- Posts: 159
Re: [SOLVED] SSL Error - self signed certificate
I worked around this for now by adding
SSLVersions TLSv1.1to my .mbsyncrc for each IMAP account.
This seems to work for me. Marking it solved. Thanks for the info everyone!
Offline
#6 2018-09-16 06:37:56
- jasonwryan
- Anarchist
- From: .nz
- Registered: 2009-05-09
- Posts: 30,424
- Website
Re: [SOLVED] SSL Error - self signed certificate
IMO, a better option is to apply loqs' patch (on the bugtracker).
Offline
#7 2018-09-16 09:33:38
- woodape
- Member
- Registered: 2015-03-25
- Posts: 159
Re: [SOLVED] SSL Error - self signed certificate
After installing isync and giving it a test-run, I think I actually like it better than offlineimap - it's a little easier on my CPU. But if I change my mind soon, and the patch isn't applied in the official package, I'll apply it myself. Thanks for the help, and thanks @loqs for doing the patch work!
Offline