* IMAP SSL connection with certificate
@ 2010-07-20 8:56 Peter Weiss
0 siblings, 0 replies; 2+ messages in thread
From: Peter Weiss @ 2010-07-20 8:56 UTC (permalink / raw)
To: ding
Hello
I'm trying to setup imap access using openssl. The problem is that the
authentication only works with a client certificate, but no password
request is seen when starting gnus
The setup is:
(setq gnus-select-method '(nnimap "xxxxxx"
(nnimap-address "imap.xxxxxx.de")
(nnimap-server-port 993)
(nnimap-authenticator login)
(nnimap-stream ssl)
(nnimap-authinfo-file
"/home/peter/.authinfo")
(nnimap-user "weiss"))
From the imap-log buffer:
======================================================================
1 -> imap-opened: buffer=" *nnimap* xxxxxx"
1 <- imap-opened: nil
======================================================================
1 -> imap-open: server="imap.xxxxxx.de" port=993 stream=ssl auth=login
buffer=" *nnimap* xxxxxx"
| 2 -> imap-opened: buffer=" *nnimap* xxxxxx"
| 2 <- imap-opened: nil
| 2 -> imap-open-1: buffer=" *nnimap* xxxxxx"
| | 3 -> imap-ssl-open: name="imap" buffer=" *nnimap* xxxxxx"
server="imap.xxxxxx".de" port=993
| | | 4 -> imap-parse-greeting:
| | | 4 <- imap-parse-greeting: nil
| | | 4 -> imap-parse-greeting:
| | | 4 <- imap-parse-greeting: nil
| | | 4 -> imap-parse-greeting:
[...]
Gnus just hangs.
Emacs starts the correct openssl command:
openssl s_client -quiet -host imap.xxxxxx.de -port 993 -cert
/home/peter/Xxxxxx/Xxxxxx-cert.pem
If I enter this on the command line the connection can be established IMHO:
~:1> openssl s_client -quiet -host imap.xxxxxx.de -port 993 -cert
/home/peter/Xxxxxx/Xxxxxx-cert.pem
Enter pass phrase for /home/peter/Xxxxxx/Xxxxxx-cert.pem:
depth=0
/serialNumber=r9xSb8CojWsg1RgsEAgSbLIPCy2IWbC2/C=DE/O=*.xxxxxx.de/OU=GT91455568/OU=See
www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated -
RapidSSL(R)/CN=*.xxxxxx.de
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0
/serialNumber=r9xSb8CojWsg1RgsEAgSbLIPCy2IWbC2/C=DE/O=*.xxxxxx.de/OU=GT91455568/OU=See
www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated -
RapidSSL(R)/CN=*.xxxxxx.de
verify error:num=27:certificate not trusted
verify return:1
depth=0
/serialNumber=r9xSb8CojWsg1RgsEAgSbLIPCy2IWbC2/C=DE/O=*.xxxxxx.de/OU=GT91455568/OU=See
www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated -
RapidSSL(R)/CN=*.xxxxxx.de
verify error:num=21:unable to verify the first certificate
verify return:1
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID] sol1 Cyrus IMAP4 v2.3.8
server ready
The .authinfo file is setup with correct login/ password.
Any suggestions on how to get further?
The stuff is seen with
Gnus v5.13
GNU Emacs 23.1.1 (i486-pc-linux-gnu, GTK+ Version 2.20.0) of 2010-03-29
on rothera, modified by Debian
TIA -- Peter
--
Peter.Weiss@consol.de ConSol* Software GmbH
Phone +49 89 45841-546 Consulting & Solutions
Mobile +49 177 6040121 Franziskanerstr. 38
http://www.consol.de D-81669 München
^ permalink raw reply [flat|nested] 2+ messages in thread
* IMAP SSL connection with certificate
@ 2010-07-20 12:28 Peter Weiss
0 siblings, 0 replies; 2+ messages in thread
From: Peter Weiss @ 2010-07-20 12:28 UTC (permalink / raw)
To: ding
Hello,
I'm trying to setup imap access using openssl. The problem is that the
authentication only works with a client certificate, but no password
request is seen when starting gnus
The setup is:
(setq gnus-select-method '(nnimap "xxxxxx"
(nnimap-address "imap.xxxxxx.de")
(nnimap-server-port 993)
(nnimap-authenticator login)
(nnimap-stream ssl)
(nnimap-authinfo-file
"/home/peter/.authinfo")
(nnimap-user "weiss"))
From the imap-log buffer:
======================================================================
1 -> imap-opened: buffer=" *nnimap* xxxxxx"
1 <- imap-opened: nil
======================================================================
1 -> imap-open: server="imap.xxxxxx.de" port=993 stream=ssl auth=login
buffer=" *nnimap* xxxxxx"
| 2 -> imap-opened: buffer=" *nnimap* xxxxxx"
| 2 <- imap-opened: nil
| 2 -> imap-open-1: buffer=" *nnimap* xxxxxx"
| | 3 -> imap-ssl-open: name="imap" buffer=" *nnimap* xxxxxx"
server="imap.xxxxxx".de" port=993
| | | 4 -> imap-parse-greeting:
| | | 4 <- imap-parse-greeting: nil
| | | 4 -> imap-parse-greeting:
| | | 4 <- imap-parse-greeting: nil
| | | 4 -> imap-parse-greeting:
[...]
Gnus just hangs.
Emacs starts the correct openssl command:
openssl s_client -quiet -host imap.xxxxxx.de -port 993 -cert
/home/peter/Xxxxxx/Xxxxxx-cert.pem
If I enter this on the command line the connection can be established IMHO:
~:1> openssl s_client -quiet -host imap.xxxxxx.de -port 993 -cert
/home/peter/Xxxxxx/Xxxxxx-cert.pem
Enter pass phrase for /home/peter/Xxxxxx/Xxxxxx-cert.pem:
depth=0
/serialNumber=r9xSb8CojWsg1RgsEAgSbLIPCy2IWbC2/C=DE/O=*.xxxxxx.de/OU=GT91455568/OU=See
www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated -
RapidSSL(R)/CN=*.xxxxxx.de
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0
/serialNumber=r9xSb8CojWsg1RgsEAgSbLIPCy2IWbC2/C=DE/O=*.xxxxxx.de/OU=GT91455568/OU=See
www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated -
RapidSSL(R)/CN=*.xxxxxx.de
verify error:num=27:certificate not trusted
verify return:1
depth=0
/serialNumber=r9xSb8CojWsg1RgsEAgSbLIPCy2IWbC2/C=DE/O=*.xxxxxx.de/OU=GT91455568/OU=See
www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated -
RapidSSL(R)/CN=*.xxxxxx.de
verify error:num=21:unable to verify the first certificate
verify return:1
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID] sol1 Cyrus IMAP4 v2.3.8
server ready
The .authinfo file is setup with correct login/ password.
Any suggestions on how to get further?
The stuff is seen with
Gnus v5.13
GNU Emacs 23.1.1 (i486-pc-linux-gnu, GTK+ Version 2.20.0) of 2010-03-29
on rothera, modified by Debian
TIA -- Peter
--
Peter.Weiss@consol.de ConSol* Software GmbH
Phone +49 89 45841-546 Consulting & Solutions
Mobile +49 177 6040121 Franziskanerstr. 38
http://www.consol.de D-81669 München
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-07-20 12:28 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-07-20 8:56 IMAP SSL connection with certificate Peter Weiss
2010-07-20 12:28 Peter Weiss
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).