From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/69818 Path: news.gmane.org!not-for-mail From: Peter Weiss Newsgroups: gmane.emacs.gnus.general Subject: IMAP SSL connection with certificate Date: Tue, 20 Jul 2010 14:28:42 +0200 Message-ID: <4C45967A.3070209@ConSol.de> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: quoted-printable X-Trace: dough.gmane.org 1279628992 5814 80.91.229.12 (20 Jul 2010 12:29:52 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Tue, 20 Jul 2010 12:29:52 +0000 (UTC) To: ding@gnus.org Original-X-From: ding-owner+M18208@lists.math.uh.edu Tue Jul 20 14:29:50 2010 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from util0.math.uh.edu ([129.7.128.18]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1ObBxF-0002Wu-9k for ding-account@gmane.org; Tue, 20 Jul 2010 14:29:49 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by util0.math.uh.edu with smtp (Exim 4.63) (envelope-from ) id 1ObBwi-0001z5-RU; Tue, 20 Jul 2010 07:29:16 -0500 Original-Received: from mx1.math.uh.edu ([129.7.128.32]) by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1ObBwh-0001yt-He for ding@lists.math.uh.edu; Tue, 20 Jul 2010 07:29:15 -0500 Original-Received: from quimby.gnus.org ([80.91.231.51]) by mx1.math.uh.edu with esmtp (Exim 4.72) (envelope-from ) id 1ObBwf-0008SP-Vu for ding@lists.math.uh.edu; Tue, 20 Jul 2010 07:29:15 -0500 Original-Received: from gate2.consol.net ([194.246.122.12] helo=gw2.consol.de) by quimby.gnus.org with esmtp (Exim 3.36 #1 (Debian)) id 1ObBwf-00052U-00 for ; Tue, 20 Jul 2010 14:29:13 +0200 Original-Received: from sol1.bb.consol.de (sol1.bb.consol.de [10.250.0.71]) by gw2.consol.de (8.14.4/8.14.4) with ESMTP id o6KCSgsZ023095 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 20 Jul 2010 14:28:42 +0200 (CEST) (envelope-from Peter.Weiss@ConSol.de) Original-Received: from [10.5.0.9] (ray3.roc.consol.de [10.5.0.9]) by sol1.bb.consol.de (8.13.8+Sun/8.13.7) with ESMTP id o6KCSgAA005900 for ; Tue, 20 Jul 2010 14:28:42 +0200 (CEST) User-Agent: Thunderbird 2.0.0.23 (X11/20090910) X-purgate-type: clean X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de X-purgate: clean X-purgate: This mail is considered clean (visit http://www.eleven.de for further information) X-purgate-size: 3694 X-purgate-ID: 153102::1279628922-00006D99-439B245B/0-0/0-0 X-Virus-Scanned: clamav-milter 0.96 at gw2.consol.de X-Virus-Status: Clean X-Spam-Score: -1.9 (-) List-ID: Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:69818 Archived-At: Hello, I'm trying to setup imap access using openssl. The problem is that the authentication only works with a client certificate, but no password request is seen when starting gnus The setup is: (setq gnus-select-method '(nnimap "xxxxxx" (nnimap-address "imap.xxxxxx.de")= (nnimap-server-port 993) (nnimap-authenticator login) (nnimap-stream ssl) (nnimap-authinfo-file "/home/peter/.authinfo") (nnimap-user "weiss")) From the imap-log buffer: =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D 1 -> imap-opened: buffer=3D" *nnimap* xxxxxx" 1 <- imap-opened: nil =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D 1 -> imap-open: server=3D"imap.xxxxxx.de" port=3D993 stream=3Dssl auth=3D= login buffer=3D" *nnimap* xxxxxx" | 2 -> imap-opened: buffer=3D" *nnimap* xxxxxx" | 2 <- imap-opened: nil | 2 -> imap-open-1: buffer=3D" *nnimap* xxxxxx" | | 3 -> imap-ssl-open: name=3D"imap" buffer=3D" *nnimap* xxxxxx" server=3D"imap.xxxxxx".de" port=3D993 | | | 4 -> imap-parse-greeting: | | | 4 <- imap-parse-greeting: nil | | | 4 -> imap-parse-greeting: | | | 4 <- imap-parse-greeting: nil | | | 4 -> imap-parse-greeting: [...] Gnus just hangs. Emacs starts the correct openssl command: openssl s_client -quiet -host imap.xxxxxx.de -port 993 -cert /home/peter/Xxxxxx/Xxxxxx-cert.pem If I enter this on the command line the connection can be established IMH= O: ~:1> openssl s_client -quiet -host imap.xxxxxx.de -port 993 -cert /home/peter/Xxxxxx/Xxxxxx-cert.pem Enter pass phrase for /home/peter/Xxxxxx/Xxxxxx-cert.pem: depth=3D0 /serialNumber=3Dr9xSb8CojWsg1RgsEAgSbLIPCy2IWbC2/C=3DDE/O=3D*.xxxxxx.de/O= U=3DGT91455568/OU=3DSee=20 www.rapidssl.com/resources/cps (c)10/OU=3DDomain Control Validated - RapidSSL(R)/CN=3D*.xxxxxx.de verify error:num=3D20:unable to get local issuer certificate verify return:1 depth=3D0 /serialNumber=3Dr9xSb8CojWsg1RgsEAgSbLIPCy2IWbC2/C=3DDE/O=3D*.xxxxxx.de/O= U=3DGT91455568/OU=3DSee=20 www.rapidssl.com/resources/cps (c)10/OU=3DDomain Control Validated - RapidSSL(R)/CN=3D*.xxxxxx.de verify error:num=3D27:certificate not trusted verify return:1 depth=3D0 /serialNumber=3Dr9xSb8CojWsg1RgsEAgSbLIPCy2IWbC2/C=3DDE/O=3D*.xxxxxx.de/O= U=3DGT91455568/OU=3DSee=20 www.rapidssl.com/resources/cps (c)10/OU=3DDomain Control Validated - RapidSSL(R)/CN=3D*.xxxxxx.de verify error:num=3D21:unable to verify the first certificate verify return:1 * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID] sol1 Cyrus IMAP4 v2.3.8 server ready The .authinfo file is setup with correct login/ password. Any suggestions on how to get further? The stuff is seen with Gnus v5.13 GNU Emacs 23.1.1 (i486-pc-linux-gnu, GTK+ Version 2.20.0) of 2010-03-29 on rothera, modified by Debian TIA -- Peter --=20 Peter.Weiss@consol.de ConSol* Software GmbH Phone +49 89 45841-546 Consulting & Solutions Mobile +49 177 6040121 Franziskanerstr. 38 http://www.consol.de D-81669 M=FCnchen