IMAP SSL connection with certificate

Gnus development mailing list
 help / color / mirror / Atom feed

From: Peter Weiss <Peter.Weiss@ConSol.de>
To: ding@gnus.org
Subject: IMAP SSL connection with certificate
Date: Tue, 20 Jul 2010 14:28:42 +0200	[thread overview]
Message-ID: <4C45967A.3070209@ConSol.de> (raw)

Hello,

I'm trying to setup imap access using openssl. The problem is that the
authentication only works with a client certificate, but no password
request is seen when starting gnus

The setup is:

(setq gnus-select-method          '(nnimap "xxxxxx"
                                    (nnimap-address     "imap.xxxxxx.de")
                                    (nnimap-server-port   993)
                                    (nnimap-authenticator login)
                                    (nnimap-stream        ssl)
                                    (nnimap-authinfo-file
                                     "/home/peter/.authinfo")
                                    (nnimap-user        "weiss"))

 From the imap-log buffer:

======================================================================
1 -> imap-opened: buffer=" *nnimap* xxxxxx"
1 <- imap-opened: nil
======================================================================
1 -> imap-open: server="imap.xxxxxx.de" port=993 stream=ssl auth=login
buffer=" *nnimap* xxxxxx"
| 2 -> imap-opened: buffer=" *nnimap* xxxxxx"
| 2 <- imap-opened: nil
| 2 -> imap-open-1: buffer=" *nnimap* xxxxxx"
| | 3 -> imap-ssl-open: name="imap" buffer=" *nnimap* xxxxxx"
server="imap.xxxxxx".de" port=993
| | | 4 -> imap-parse-greeting:
| | | 4 <- imap-parse-greeting: nil
| | | 4 -> imap-parse-greeting:
| | | 4 <- imap-parse-greeting: nil
| | | 4 -> imap-parse-greeting:
[...]

Gnus just hangs.

Emacs starts the correct openssl command:

openssl s_client -quiet -host imap.xxxxxx.de -port 993 -cert
/home/peter/Xxxxxx/Xxxxxx-cert.pem

If I enter this on the command line the connection can be established IMHO:

~:1>  openssl s_client -quiet -host imap.xxxxxx.de -port 993 -cert
/home/peter/Xxxxxx/Xxxxxx-cert.pem
Enter pass phrase for /home/peter/Xxxxxx/Xxxxxx-cert.pem:
depth=0
/serialNumber=r9xSb8CojWsg1RgsEAgSbLIPCy2IWbC2/C=DE/O=*.xxxxxx.de/OU=GT91455568/OU=See 

www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated -
RapidSSL(R)/CN=*.xxxxxx.de
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0
/serialNumber=r9xSb8CojWsg1RgsEAgSbLIPCy2IWbC2/C=DE/O=*.xxxxxx.de/OU=GT91455568/OU=See 

www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated -
RapidSSL(R)/CN=*.xxxxxx.de
verify error:num=27:certificate not trusted
verify return:1
depth=0
/serialNumber=r9xSb8CojWsg1RgsEAgSbLIPCy2IWbC2/C=DE/O=*.xxxxxx.de/OU=GT91455568/OU=See 

www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated -
RapidSSL(R)/CN=*.xxxxxx.de
verify error:num=21:unable to verify the first certificate
verify return:1
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID] sol1 Cyrus IMAP4 v2.3.8
server ready

The .authinfo file is setup with correct login/ password.

Any suggestions on how to get further?

The stuff is seen with

Gnus v5.13
GNU Emacs 23.1.1 (i486-pc-linux-gnu, GTK+ Version 2.20.0) of 2010-03-29
on rothera, modified by Debian

TIA -- Peter
-- 
Peter.Weiss@consol.de                         ConSol* Software GmbH
Phone  +49 89 45841-546                       Consulting & Solutions
Mobile +49 177 6040121                        Franziskanerstr. 38
http://www.consol.de                          D-81669 München

next             reply	other threads:[~2010-07-20 12:28 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-07-20 12:28 Peter Weiss [this message]
  -- strict thread matches above, loose matches on Subject: below --
2010-07-20  8:56 Peter Weiss

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4C45967A.3070209@ConSol.de \
    --to=peter.weiss@consol.de \
    --cc=ding@gnus.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).