IMAP SSL connection with certificate

Gnus development mailing list
 help / color / mirror / Atom feed

* IMAP SSL connection with certificate
@ 2010-07-20  8:56 Peter Weiss
  0 siblings, 0 replies; 2+ messages in thread
From: Peter Weiss @ 2010-07-20  8:56 UTC (permalink / raw)
  To: ding

Hello

I'm trying to setup imap access using openssl. The problem is that the
authentication only works with a client certificate, but no password
request is seen when starting gnus

The setup is:

(setq gnus-select-method          '(nnimap "xxxxxx"
                                    (nnimap-address     "imap.xxxxxx.de")
                                    (nnimap-server-port   993)
                                    (nnimap-authenticator login)
                                    (nnimap-stream        ssl)
                                    (nnimap-authinfo-file
                                     "/home/peter/.authinfo")
                                    (nnimap-user        "weiss"))

 From the imap-log buffer:

======================================================================
1 -> imap-opened: buffer=" *nnimap* xxxxxx"
1 <- imap-opened: nil
======================================================================
1 -> imap-open: server="imap.xxxxxx.de" port=993 stream=ssl auth=login 
buffer=" *nnimap* xxxxxx"
| 2 -> imap-opened: buffer=" *nnimap* xxxxxx"
| 2 <- imap-opened: nil
| 2 -> imap-open-1: buffer=" *nnimap* xxxxxx"
| | 3 -> imap-ssl-open: name="imap" buffer=" *nnimap* xxxxxx" 
server="imap.xxxxxx".de" port=993
| | | 4 -> imap-parse-greeting:
| | | 4 <- imap-parse-greeting: nil
| | | 4 -> imap-parse-greeting:
| | | 4 <- imap-parse-greeting: nil
| | | 4 -> imap-parse-greeting:
[...]

Gnus just hangs.

Emacs starts the correct openssl command:

openssl s_client -quiet -host imap.xxxxxx.de -port 993 -cert 
/home/peter/Xxxxxx/Xxxxxx-cert.pem

If I enter this on the command line the connection can be established IMHO:

~:1>  openssl s_client -quiet -host imap.xxxxxx.de -port 993 -cert 
/home/peter/Xxxxxx/Xxxxxx-cert.pem
Enter pass phrase for /home/peter/Xxxxxx/Xxxxxx-cert.pem:
depth=0 
/serialNumber=r9xSb8CojWsg1RgsEAgSbLIPCy2IWbC2/C=DE/O=*.xxxxxx.de/OU=GT91455568/OU=See 
www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated - 
RapidSSL(R)/CN=*.xxxxxx.de
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 
/serialNumber=r9xSb8CojWsg1RgsEAgSbLIPCy2IWbC2/C=DE/O=*.xxxxxx.de/OU=GT91455568/OU=See 
www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated - 
RapidSSL(R)/CN=*.xxxxxx.de
verify error:num=27:certificate not trusted
verify return:1
depth=0 
/serialNumber=r9xSb8CojWsg1RgsEAgSbLIPCy2IWbC2/C=DE/O=*.xxxxxx.de/OU=GT91455568/OU=See 
www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated - 
RapidSSL(R)/CN=*.xxxxxx.de
verify error:num=21:unable to verify the first certificate
verify return:1
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID] sol1 Cyrus IMAP4 v2.3.8 
server ready

The .authinfo file is setup with correct login/ password.

Any suggestions on how to get further?

The stuff is seen with

Gnus v5.13
GNU Emacs 23.1.1 (i486-pc-linux-gnu, GTK+ Version 2.20.0) of 2010-03-29 
on rothera, modified by Debian

TIA -- Peter
-- 
Peter.Weiss@consol.de                         ConSol* Software GmbH
Phone  +49 89 45841-546                       Consulting & Solutions
Mobile +49 177 6040121                        Franziskanerstr. 38
http://www.consol.de                          D-81669 München




^ permalink raw reply	[flat|nested] 2+ messages in thread

* IMAP SSL connection with certificate
@ 2010-07-20 12:28 Peter Weiss
  0 siblings, 0 replies; 2+ messages in thread
From: Peter Weiss @ 2010-07-20 12:28 UTC (permalink / raw)
  To: ding

Hello,

I'm trying to setup imap access using openssl. The problem is that the
authentication only works with a client certificate, but no password
request is seen when starting gnus

The setup is:

(setq gnus-select-method          '(nnimap "xxxxxx"
                                    (nnimap-address     "imap.xxxxxx.de")
                                    (nnimap-server-port   993)
                                    (nnimap-authenticator login)
                                    (nnimap-stream        ssl)
                                    (nnimap-authinfo-file
                                     "/home/peter/.authinfo")
                                    (nnimap-user        "weiss"))

 From the imap-log buffer:

======================================================================
1 -> imap-opened: buffer=" *nnimap* xxxxxx"
1 <- imap-opened: nil
======================================================================
1 -> imap-open: server="imap.xxxxxx.de" port=993 stream=ssl auth=login
buffer=" *nnimap* xxxxxx"
| 2 -> imap-opened: buffer=" *nnimap* xxxxxx"
| 2 <- imap-opened: nil
| 2 -> imap-open-1: buffer=" *nnimap* xxxxxx"
| | 3 -> imap-ssl-open: name="imap" buffer=" *nnimap* xxxxxx"
server="imap.xxxxxx".de" port=993
| | | 4 -> imap-parse-greeting:
| | | 4 <- imap-parse-greeting: nil
| | | 4 -> imap-parse-greeting:
| | | 4 <- imap-parse-greeting: nil
| | | 4 -> imap-parse-greeting:
[...]

Gnus just hangs.

Emacs starts the correct openssl command:

openssl s_client -quiet -host imap.xxxxxx.de -port 993 -cert
/home/peter/Xxxxxx/Xxxxxx-cert.pem

If I enter this on the command line the connection can be established IMHO:

~:1>  openssl s_client -quiet -host imap.xxxxxx.de -port 993 -cert
/home/peter/Xxxxxx/Xxxxxx-cert.pem
Enter pass phrase for /home/peter/Xxxxxx/Xxxxxx-cert.pem:
depth=0
/serialNumber=r9xSb8CojWsg1RgsEAgSbLIPCy2IWbC2/C=DE/O=*.xxxxxx.de/OU=GT91455568/OU=See 

www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated -
RapidSSL(R)/CN=*.xxxxxx.de
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0
/serialNumber=r9xSb8CojWsg1RgsEAgSbLIPCy2IWbC2/C=DE/O=*.xxxxxx.de/OU=GT91455568/OU=See 

www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated -
RapidSSL(R)/CN=*.xxxxxx.de
verify error:num=27:certificate not trusted
verify return:1
depth=0
/serialNumber=r9xSb8CojWsg1RgsEAgSbLIPCy2IWbC2/C=DE/O=*.xxxxxx.de/OU=GT91455568/OU=See 

www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated -
RapidSSL(R)/CN=*.xxxxxx.de
verify error:num=21:unable to verify the first certificate
verify return:1
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID] sol1 Cyrus IMAP4 v2.3.8
server ready

The .authinfo file is setup with correct login/ password.

Any suggestions on how to get further?

The stuff is seen with

Gnus v5.13
GNU Emacs 23.1.1 (i486-pc-linux-gnu, GTK+ Version 2.20.0) of 2010-03-29
on rothera, modified by Debian

TIA -- Peter
-- 
Peter.Weiss@consol.de                         ConSol* Software GmbH
Phone  +49 89 45841-546                       Consulting & Solutions
Mobile +49 177 6040121                        Franziskanerstr. 38
http://www.consol.de                          D-81669 München




^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2010-07-20 12:28 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-07-20  8:56 IMAP SSL connection with certificate Peter Weiss
2010-07-20 12:28 Peter Weiss

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).