marcelolaia@gmail.com:
>
> ~$ openssl s_client -connect imap.ufvjm.edu.br:993
> ---
> Certificate chain
> 0 s:/C=BR/CN=imap.ufvjm.edu.br
> i:/C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom
> Class 1 DV Server CA
> 1 s:/C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom
> Class 1 DV Server CA
> i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom
> Certification Authority
> 2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom
> Certification Authority
> i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom
> Certification Authority
Looks good to me. The final certificate is self-signed but that is
expected for a root certificate of a CA, but …
> Verification error: self signed certificate in certificate chain
… apparently OpenSSL doesn't like that. I don't know why this happens.
In any case, you cannot change anything wrt to this certificate chain
unless you are (or can influence) the administrator of
imap.ufvjm.edu.br.
> offlineimap returns
>
> ERROR: Unknown SSL protocol connecting to host 'imap.ufvjm.edu.br' for
> repository 'XXXXX-Remote'. OpenSSL responded:
> [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)
Same issue here (probably because offlineimap uses OpenSSL).
Offlineimap's manpage suggests that by default it doesn't check
certificates at all (at least on jessie), but apparently it still does.
You could either try to add the CA certificate into /etc/ssl/certs or
add the certificate of the remote endpoint into your offlineimap
remote configuration using "cert_fingerprint" as suggested here:
https://github.com/OfflineIMAP/offlineimap/issues/322
Unfortunately, I cannot tell you exactly how to do either.
J.
--
Hell will have perfume.
[Agree] [Disagree]
<http://archive.slowlydownward.com/NODATA/data_enter2.html>
Attachment:
signature.asc
Description: Digital signature