离线IMAPS和CA证书

tag-icon tag-icon openssl ssl mutt certificates offlineimap
离线IMAPS和CA证书

这个问题是关于离线地图的,但有了给定的机会,我希望有资源来了解有关 ssl 证书及其整个处理的更多信息。

我下载了最新的离线地图(7.0.6),在完成最小配置后,我运行命令并收到以下错误:

Account sync Gmail:
 *** Processing account Gmail
 Establishing connection to imaps://imap.gmail.com:993 (GmailRemote)
 ERROR: No CA certificates and no server fingerprints configured.  You must configure at least something, otherwise having SSL helps nothing.
 *** Finished account 'Gmail' in 0:00
ERROR: Exceptions occurred during the run!
ERROR: No CA certificates and no server fingerprints configured.  You must configure at least something, otherwise having SSL helps nothing.

Traceback:
  File "/usr/local/lib/python2.7/dist-packages/offlineimap/accounts.py", line 271, in syncrunner
    self.__sync()
  File "/usr/local/lib/python2.7/dist-packages/offlineimap/accounts.py", line 334, in __sync
    remoterepos.getfolders()
  File "/usr/local/lib/python2.7/dist-packages/offlineimap/repository/IMAP.py", line 448, in getfolders
    imapobj = self.imapserver.acquireconnection()
  File "/usr/local/lib/python2.7/dist-packages/offlineimap/imapserver.py", line 511, in acquireconnection
    af=self.af,
  File "/usr/local/lib/python2.7/dist-packages/offlineimap/imaplibutil.py", line 194, in __init__
    super(WrappedIMAP4_SSL, self).__init__(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/offlineimap/bundled_imaplib2.py", line 2135, in __init__
    IMAP4.__init__(self, host, port, debug, debug_file, identifier, timeout, debug_buf_lvl)
  File "/usr/local/lib/python2.7/dist-packages/offlineimap/bundled_imaplib2.py", line 357, in __init__
    self.open(host, port)
  File "/usr/local/lib/python2.7/dist-packages/offlineimap/imaplibutil.py", line 201, in open
    "having SSL helps nothing.", OfflineImapError.ERROR.REPO)

我想从我的 gmail 帐户下载所有邮件,然后弄清楚如何用 mutt 阅读它。但首先我想做的就是拥有一个包含我所有邮件的文件夹。

这是我的 .offlineimaprc

[general]
accounts = Gmail

[Account Gmail]
localrepository = GmailLocal
remoterepository = GmailRemote
ssl = yes
synclabels = yes

[Repository GmailLocal]
type = Maildir
localfolders = ~/Mail/Gmail

[Repository GmailRemote]
type = IMAP
remotehost = imaps://imap.gmail.com
remoteuser = [MY_E-MAIL]@gmail.com

答案1

在不久的将来,offlineimap 开始验证 SSL 证书(是的,显然之前没有)。您不需要做明智的事情并默认使用默认的系统信任存储,而是需要手动配置每个远程存储库以指向证书列表。在 Debian/Ubuntu 系统上,以下设置应该Repository GmailRemote可以解决问题:

sslcacertfile = /etc/ssl/certs/ca-certificates.crt

在其他系统上,该文件可能位于不同的位置;网络搜索应该可以找到有关信任存储保存位置的详细信息。

相关内容