offlineimap and ssl requires configuration of fingerprint
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
offlineimap (Ubuntu) |
Confirmed
|
Low
|
Unassigned |
Bug Description
Upon upgrade from 12.04 to quantal, my offlineimap configuration broke, showing messages like:
| *** Processing account Gmail
| INFO:OfflineIma
| Establishing connection to imap.gmail.com:993
| INFO:OfflineIma
| ERROR: Server SSL fingerprint 'f3043dd689a2e7
| for hostname 'imap.gmail.com' does not match configured fingerprint.
| Please verify and set 'cert_fingerprint' accordingly if not set yet.
| INFO:OfflineIma
| for hostname 'imap.gmail.com' does not match configured fingerprint.
| Please verify and set 'cert_fingerprint' accordingly if not set yet.
The fix is for the user to add an entry for 'cert_fingerprint' in the same spot as 'ssl = yes' (which is automatic if 'type = Gmail').
Ie add:
cert_fingerprint = f3043dd689a2e7d
So that your Repository entry looks something like:
| [Repository GmailRemote]
| type = Gmail
| # ssl = yes # this is default for gmail
| cert_fingerprint = f3043dd689a2e7d
| remoteuser = <email address hidden>
There is some discussion at http://
This bug is filed upstream at:
https:/
ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: offlineimap 6.5.4-2
ProcVersionSign
Uname: Linux 3.4.0-5-generic x86_64
ApportVersion: 2.2.3-0ubuntu6
Architecture: amd64
Date: Wed Jun 20 12:50:06 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
PackageArchitec
ProcEnviron:
TERM=xterm
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: offlineimap
UpgradeStatus: Upgraded to quantal on 2011-11-07 (226 days ago)
description: | updated |
Changed in offlineimap (Ubuntu): | |
importance: | Undecided → Low |
tags: | added: patch |
I see 2 ways to make the situation better: dddfbef82703a6c 65ea9b634c1' then you need to update the ddfbef82703a6c6 5ea9b634c1
a.) help upstream use system certificates if that is not already functional and build debian package so that works
b.) improve the error messages in the case where there is no entry for the Repository to be something more useful like:
| The server for repository 'Gmail' has a fingerprint that cannot be
| verified. If you trust the fingerprint of
| 'f3043dd689a2e7
| 'Repository Gmail' entry in offlineimaprc to include:
| ssl = yes
| cert_fingerprint = f3043dd689a2e7d
'a' is definitely useful, but I suspect will not fix the issue for everyone.