You are not logged in.

#1 2018-09-15 07:44:37

woodape
Member
Registered: 2015-03-25
Posts: 159

[SOLVED] SSL Error - self signed certificate

After the following upgrade:

[2018-09-14 15:54] [ALPM] upgraded openssl (1.1.0.i-1 -> 1.1.1-1)

Offlineimap stopped being able to connect to imap.gmail.com, with complaints about the SSL certificate. I tried installing isync and got:

SSL error connecting imap.gmail.com (64.233.166.108:993): self signed certificate

After downgrading the openssl package back down to 1.1.0.i-1 I was able to connect again.

Is it a security risk if I keep the downgraded openssl? Is this something Google needs to update, or does the new openssl package need some kind of fix?

Last edited by woodape (2018-09-16 05:55:16)

Offline

#2 2018-09-15 11:01:02

loqs
Member
Registered: 2014-03-06
Posts: 17,197

Re: [SOLVED] SSL Error - self signed certificate

https://bugs.archlinux.org/task/60059
offlineimap does not support SNI which is required by gmail for TLS 1.3
Edit:
isync same issue should be fixed by https://sourceforge.net/p/isync/isync/c … 5790c05d27

Last edited by loqs (2018-09-15 11:05:53)

Offline

#3 2018-09-15 18:58:54

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: [SOLVED] SSL Error - self signed certificate

Another workaround is to replace sslcacertfile with cert_fingerprint.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#4 2018-09-15 19:26:11

firecat53
Member
From: Lake Stevens, WA, USA
Registered: 2007-05-14
Posts: 1,542
Website

Re: [SOLVED] SSL Error - self signed certificate

I worked around this for now by adding

SSLVersions TLSv1.1

to my .mbsyncrc for each IMAP account.

Edit: I keep using Markdown syntax!

Last edited by firecat53 (2018-09-15 19:26:49)

Offline

#5 2018-09-16 05:54:56

woodape
Member
Registered: 2015-03-25
Posts: 159

Re: [SOLVED] SSL Error - self signed certificate

firecat53 wrote:

I worked around this for now by adding

SSLVersions TLSv1.1

to my .mbsyncrc for each IMAP account.

This seems to work for me. Marking it solved. Thanks for the info everyone!

Offline

#6 2018-09-16 06:37:56

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: [SOLVED] SSL Error - self signed certificate

IMO, a better option is to apply loqs' patch (on the bugtracker).


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#7 2018-09-16 09:33:38

woodape
Member
Registered: 2015-03-25
Posts: 159

Re: [SOLVED] SSL Error - self signed certificate

After installing isync and giving it a test-run, I think I actually like it better than offlineimap - it's a little easier on my CPU. But if I change my mind soon, and the patch isn't applied in the official package, I'll apply it myself. Thanks for the help, and thanks @loqs for doing the patch work!

Offline

Board footer

Powered by FluxBB