Gmail SSL cannot be verified.
I'm running sylpheed-3.4.2 on OpenBSD/amd64. When I set up my gmail account and enter my application-specific IMAP password, I get a warning that gmail's SSL server could not be verified:
The SSL certificate of imap.gmail.com cannot be verified by the following reason:
unable to get local issuer certificate
Subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
Issuer: /C=US/O=Google Inc/CN=Google Internet Authority G2
Issued date: Sep 24 10:09:05 2014 GMT
Expire date: Dec 23 00:00:00 2014 GMT
SHA1 fingerprint: 2B:AB:9D:FE:EC:44:C8:0D:F7:AD:9D:5C:62:81:D1:B9:36:9B:A2:32
MD5 fingerprint: 4E:EF:3F:F0:5E:72:58:42:3D:DB:5A:90:08:E5:8D:0F
Do you accept this certificate?
This makes me very nervous, and I am forced to hit reject.
What I find odd is that my offlineimap config, which connects to the same server, can connect and verify the cert. There I am just using a sslcacertfile option.
Is this a bug in sylpheed, or a misconfiguration, or...?
#1 Updated by Hiroyuki Yamamoto over 2 years ago
It seems that Sylpheed cannot find appropriate SSL certificates.
Sylpheed looks for them by the following order:
~/.sylpheed-2.0/ ~/.sylpheed-2.0/certs/ /etc/ssl/certs/ /etc/ssl/ /etc/
(for each directory, the following certs bundle files are checked)
- ca-certificates.crt - ca-bundle.crt - ca-root.crt - certs.crt
If OpenBSD stores certs bundle in another location,
you have to copy or symlink it to ~/.sylpheed-2.0/certs.crt as a workaround.
#2 Updated by Amit Kulkarni about 1 year ago
Edd committed a patch to fix this issue alongwith Daniel Jakots. Can you please add this patch to Sylpheed SVN?