Openssl
離線 IMAPS 和 CA 證書
這個問題是關於offlineimaps的,但是有機會我希望有資源來了解更多關於ssl證書的資訊以及與它們的整個處理。
我下載了最新的離線地圖(7.0.6),在完成最小配置後,我執行命令並收到以下錯誤:
Account sync Gmail: *** Processing account Gmail Establishing connection to imaps://imap.gmail.com:993 (GmailRemote) ERROR: No CA certificates and no server fingerprints configured. You must configure at least something, otherwise having SSL helps nothing. *** Finished account 'Gmail' in 0:00 ERROR: Exceptions occurred during the run! ERROR: No CA certificates and no server fingerprints configured. You must configure at least something, otherwise having SSL helps nothing. Traceback: File "/usr/local/lib/python2.7/dist-packages/offlineimap/accounts.py", line 271, in syncrunner self.__sync() File "/usr/local/lib/python2.7/dist-packages/offlineimap/accounts.py", line 334, in __sync remoterepos.getfolders() File "/usr/local/lib/python2.7/dist-packages/offlineimap/repository/IMAP.py", line 448, in getfolders imapobj = self.imapserver.acquireconnection() File "/usr/local/lib/python2.7/dist-packages/offlineimap/imapserver.py", line 511, in acquireconnection af=self.af, File "/usr/local/lib/python2.7/dist-packages/offlineimap/imaplibutil.py", line 194, in __init__ super(WrappedIMAP4_SSL, self).__init__(*args, **kwargs) File "/usr/local/lib/python2.7/dist-packages/offlineimap/bundled_imaplib2.py", line 2135, in __init__ IMAP4.__init__(self, host, port, debug, debug_file, identifier, timeout, debug_buf_lvl) File "/usr/local/lib/python2.7/dist-packages/offlineimap/bundled_imaplib2.py", line 357, in __init__ self.open(host, port) File "/usr/local/lib/python2.7/dist-packages/offlineimap/imaplibutil.py", line 201, in open "having SSL helps nothing.", OfflineImapError.ERROR.REPO)我想從我的 gmail 帳戶下載所有郵件,然後想辦法用 mutt 閱讀它。但首先我想做的就是有一個文件夾,裡面有我所有的郵件。
這是我的 .offlineimaprc
[general] accounts = Gmail [Account Gmail] localrepository = GmailLocal remoterepository = GmailRemote ssl = yes synclabels = yes [Repository GmailLocal] type = Maildir localfolders = ~/Mail/Gmail [Repository GmailRemote] type = IMAP remotehost = imaps://imap.gmail.com remoteuser = [MY_E-MAIL]@gmail.com
在不久的將來,offlineimap 開始驗證 SSL 證書(是的,顯然之前不是)。您需要手動配置每個遠端儲存庫以指向證書列表,而不是做明智的事情,並預設使用預設的系統信任庫。在 Debian/Ubuntu 系統上,下面的設置
Repository GmailRemote應該可以解決問題:sslcacertfile = /etc/ssl/certs/ca-certificates.crt在其他系統上,該文件可能位於不同的位置;網路搜尋應該可以找到有關信任庫保存位置的詳細資訊。