marcelol...@gmail.com: > > ~$ openssl s_client -connect imap.ufvjm.edu.br:993 > --- > Certificate chain > 0 s:/C=BR/CN=imap.ufvjm.edu.br > i:/C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom > Class 1 DV Server CA > 1 s:/C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom > Class 1 DV Server CA > i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom > Certification Authority > 2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom > Certification Authority > i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom > Certification Authority
Looks good to me. The final certificate is self-signed but that is expected for a root certificate of a CA, but … > Verification error: self signed certificate in certificate chain … apparently OpenSSL doesn't like that. I don't know why this happens. In any case, you cannot change anything wrt to this certificate chain unless you are (or can influence) the administrator of imap.ufvjm.edu.br. > offlineimap returns > > ERROR: Unknown SSL protocol connecting to host 'imap.ufvjm.edu.br' for > repository 'XXXXX-Remote'. OpenSSL responded: > [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661) Same issue here (probably because offlineimap uses OpenSSL). Offlineimap's manpage suggests that by default it doesn't check certificates at all (at least on jessie), but apparently it still does. You could either try to add the CA certificate into /etc/ssl/certs or add the certificate of the remote endpoint into your offlineimap remote configuration using "cert_fingerprint" as suggested here: https://github.com/OfflineIMAP/offlineimap/issues/322 Unfortunately, I cannot tell you exactly how to do either. J. -- Hell will have perfume. [Agree] [Disagree] <http://archive.slowlydownward.com/NODATA/data_enter2.html>
signature.asc
Description: Digital signature
