--- crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68
On Wed, May 3, 2017 at 6:08 PM, Ilias Tsitsimpis <[email protected]> wrote: > Hi Luke, Sridhar, > > On Wed, May 03, 2017 at 04:17PM, Luke Kenneth Casson Leighton wrote: >> On Wed, May 3, 2017 at 1:35 PM, Sridhar M. A. <[email protected]> wrote: >> > But, the problem I notice is that everytime I run offlineimap, the >> > fingerprint keeps changing >> >> there's absolutely no way that google would be changing the SSL >> certificate every hour. the complaints would be absolutely >> catastrophic. >> >> thus the only logical conclusion that can be reached is that someone >> in between you and imap.gmail.com is hijacking the SSL connection and >> carrying out a man-in-the-middle attack. > > This is not necessarily because of a man-in-the-middle attack. > imap.gmail.com resolves to more that one IPs, and depending on which one > is being used, the certificate changes. See for example: ahh that makes sense. i wasn't aware that the fingerprint changes per IP address. so... one possible "solution" would be to use a fixed IP address instead... but yes i'd agreee the ca-certificate would be much, much better. l. _______________________________________________ OfflineIMAP-project mailing list: [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/offlineimap-project OfflineIMAP homepages: - https://github.com/OfflineIMAP - http://offlineimap.org
