Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

isync/mbsync certificate issues (with gmail)
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
darthdeus
n00b
n00b


Joined: 09 Nov 2019
Posts: 4
PostPosted: Sat Nov 09, 2019 7:38 am    Post subject: isync/mbsync certificate issues (with gmail) Reply with quote
When I try to sync my gmail account with mbsync I get an error

Code:
SSL error connecting imap.gmail.com (74.125.206.109:993): self signed certificate


I have however succesfully used the same exact config (with the same certificates downloaded via openssl) on other machines, specifically Arch Linux and MacOS, and it worked. This makes me think that there is something else I need to configure/install on Gentoo for it to accept the certificate I'm using to connect to Gmail's IMAP server.

I have tried installing app-misc/ca-certificates but it did not help.
Back to top
View user's profile Send private message
The Main Man
Veteran
Veteran


Joined: 27 Nov 2014
Posts: 1171
Location: /run/user/1000
PostPosted: Sat Nov 09, 2019 10:11 am    Post subject: Reply with quote
That started happening to me month or two ago.

What worked for me is adding this line in .mbsyncrc, for your gmail accounts
Code:
SSLVersions TLSv1.1
Back to top
View user's profile Send private message
hdcg
Tux's lil' helper
Tux's lil' helper


Joined: 07 Apr 2013
Posts: 120
PostPosted: Sat Nov 09, 2019 10:14 am    Post subject: Reply with quote
Hi darthdeus,

check whether mbsync supports SNI. Issueing

Code:
openssl s_client -connect 74.125.206.109 -port 993


yields

Code:
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 OU = "No SNI provided; please fix your client.", CN = invalid2.invalid
verify error:num=18:self signed certificate
verify return:1
depth=0 OU = "No SNI provided; please fix your client.", CN = invalid2.invalid
verify return:1
---
Certificate chain
 0 s:OU = "No SNI provided; please fix your client.", CN = invalid2.invalid
   i:OU = "No SNI provided; please fix your client.", CN = invalid2.invalid
...


Adding the SNI info works

Code:
 openssl s_client -connect 74.125.206.109 -port 993 -servername imap.gmail.com
CONNECTED(00000003)
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = imap.gmail.com
verify return:1
---
Certificate chain
 0 s:C = US, ST = California, L = Mountain View, O = Google LLC, CN = imap.gmail.com
   i:C = US, O = Google Trust Services, CN = GTS CA 1O1
 1 s:C = US, O = Google Trust Services, CN = GTS CA 1O1
   i:OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
...


Best Regards,
Holger
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy