I've just tried to use mbsync against GMail, and it failed with:
~~~~
SSL error connecting imap.gmail.com (66.102.1.109:993): self signed certificate
~~~~
Trying to get more info I've issued:
~~~~
openssl s_client -host 66.102.1.109 -port 993
~~~~
To which the certificate reads:
~~~~
X.509 Certificate Information:
Version: 3
Serial Number (hex): 0090768918e93393a0
Issuer: CN=invalid2.invalid,OU=No SNI provided\; please fix your client.
Validity:
Not Before: Thu Jan 01 00:00:00 UTC 2015
Not After: Tue Jan 01 00:00:00 UTC 2030
Subject: CN=invalid2.invalid,OU=No SNI provided\; please fix your client.
Subject Public Key Algorithm: RSA
~~~~
My exact configuration worked for a couple of years by now, and I've
found countless similar complaints for other software, thus I would
exclude my config as the culprit:
https://www.google.com/search?hl=en&q=gmail%20imap%20sni
Thus based on these, it would seem that the only solution is enabling
SNI. However looking into my man-page for `mbsync` there isn't such
an option.
Fortunately, as a work-around one can disable system certificatels
(although this kind of defeats the purpose of TLS), and manually
configure that invalid certificate to be used:
~~~~
SystemCertificates No
CertificateFile ./configuration/gmail.pem
~~~~
Any hints?
Thanks,
Ciprian.
_______________________________________________
isync-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/isync-devel
