cert_fingerprint errors on upgrade
sebastian at sspaeth.de
sebastian at sspaeth.de
Wed Jun 6 09:55:55 BST 2012
Many of you will experience an "error" like this on upgrading OfflineImap:
Establishing connection to imap.gmail.com:993
ERROR: Server SSL fingerprint 'f3043dd689a2e7dddfbef82703a6c65ea9b634c1'
for hostname 'imap.gmail.com' does not match configured fingerprint.
Please verify and set 'cert_fingerprint' accordingly if not set yet.
This error is no error, but the new feature of OfflineIMap to actually
perform a check of the SSL certificate of the IMAP server you connect to.
YOu can either set a CA certificate to verify it, or -absent a CA
certificate- you need to store the "fingerprint" of the SSL certificate in
your offlineimap.conf to make sure it does not change on subsequent
connects. If it changes, it will mean that the server has a) a new
certificate or b) there is a malicious man-in-the-middle.
The solution to this problem is easy:
in your repository section, add:
cert_fingerprint=f3043dd689a2e7dddfbef82703a6c65ea9b634c1
given the above error message.
More information about the OfflineIMAP-project
mailing list