OfflineIMAP/offlineimap3

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed error

drselump14 opened this issue · 4 comments

drselump14 commented

General informations

  • system/distribution (with version): macOS Ventura 13.4
  • offlineimap version (offlineimap -V): 8.0.0
  • Python version: 3.11.3
  • server name or domain:
  • CLI options: -u basic

Configuration file offlineimaprc

maxconnections = 1
# sslcacertfile = /usr/local/etc/openssl@1.1/cert.pem
sslcacertfile = /opt/homebrew/etc/ca-certificates/cert.pem
type = Gmail

pythonfile (if any)

Logs, error

ERROR: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)> (configuration is: {'client_id': 'client_id', 'client_secret': 'client_secret', 'refresh_token': 'token', 'grant_type': 'refresh_token'})
ERROR: While attempting to sync account
  'SSLCertVerificationError' object is not subscriptable

Steps to reproduce the error

  • offlineimap -u basic
  • get the error

Not sure why, but it suddenly stops working on my environment

drselump14 commented

Fixed it by upgrading the certify with pip install --upgrade certifi

and install the certs by using this script

#!/usr/bin/env python3
# install_certifi.py
#
# sample script to install or update a set of default Root Certificates
# for the ssl module.  Uses the certificates provided by the certifi package:
#       https://pypi.python.org/pypi/certifi

import os
import os.path
import ssl
import stat
import subprocess
import sys

STAT_0o775 = ( stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR
             | stat.S_IRGRP | stat.S_IWGRP | stat.S_IXGRP
             | stat.S_IROTH |                stat.S_IXOTH )


def main():
    openssl_dir, openssl_cafile = os.path.split(
        ssl.get_default_verify_paths().openssl_cafile)

    # +++> if already done  <----
    #print(" -- pip install --upgrade certifi")
    #subprocess.check_call([sys.executable,
    #    "-E", "-s", "-m", "pip", "install", "--upgrade", "certifi"])

    import certifi
    # change working directory to the default SSL directory
    os.chdir(openssl_dir)
    relpath_to_certifi_cafile = os.path.relpath(certifi.where())
    print(" -- removing any existing file or link")
    try:
        os.remove(openssl_cafile)
    except FileNotFoundError:
        pass
    print(" -- creating symlink to certifi certificate bundle")
    os.symlink(relpath_to_certifi_cafile, openssl_cafile)
    print(" -- setting permissions")
    os.chmod(openssl_cafile, STAT_0o775)
    print(" -- update complete")

if __name__ == '__main__':
    main()
chris001 commented

@drselump14
Is this issue MacOS-specific? Or homebrew-specific?

drselump14 commented

@drselump14 Is this issue MacOS-specific? Or homebrew-specific?

I can confirm that running the offlineimap directly from the source code with python offlineimap.py also causes the same error. So I guess it's more MacOS-specific

  • 👍1