I'm trying to use Emacs gnus to connect to my gmail account. This is the relevant configuration code, taken mostly from here:
(setq tls-program '("openssl s_client -CAfile C:/Users/GGustafson/gmail.crt -connect %h:%p -no_ssl2 -ign_eof"))
(setq gnus-select-method '(nnimap "gmail"
(nnimap-address "imap.gmail.com")
(nnimap-server-port 993)
(nnimap-stream ssl)
(nnimap-authinfo-file "~/.authinfo")))
(setq message-send-mail-function 'smtpmail-send-it
smtpmail-starttls-credentials '(("smtp.gmail.com" 587 nil nil))
smtpmail-auth-credentials '(("smtp.gmail.com" 587 "gordon3.14@gmail.com" nil))
smtpmail-default-smtp-server "smtp.gmail.com"
smtpmail-smtp-server "smtp.gmail.com"
smtpmail-smtp-service 587)
When I reboot, launch emacs, and do M-x gnus
, I get these *Messages*
:
Opening connection to imap.gmail.com via tls...
gnutls.c: [1] (Emacs) GnuTLS library not found
Opening TLS connection to `imap.gmail.com'...
Opening TLS connection with `openssl s_client -CAfile C:/Users/GGustafson/gmail.crt -connect imap.gmail.com:993 -no_ssl2 -ign_eof'...done
Opening TLS connection to `imap.gmail.com'...done
nnimap (gmail) open error: 'depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority^M
'. Continue? (y or n) y
What exactly is happening here? Previously I was getting some verify error:num=20:unable to get local issuer certificate
errors, but I fixed those by following these instructions, which had me add the -CAfile
parameter with a copy of the appropriate certificate.
To confirm that, I can do this:
C:\Users\GGustafson>openssl s_client -CAfile C:/Users/GGustafson/gmail.crt -connect imap.gmail.com:993 -no_ssl2 -ign_eof
CONNECTED(00000003)
depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority verify return:1
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify return:1
depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2 verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = imap.gmail.com verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
i:/C=US/O=Google Inc/CN=Google Internet Authority G2
1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
****SNIP****
Start Time: 1387083719
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
* OK Gimap ready for requests from 128.84.124.191 el7if9939594qeb.109
What am I missing to be able to read my Gmail with gnus? I'm on Windows 7 using Cygwin openssl.
What worked for me is using a gnutls port for windows instead of openssl, and removing any customization of tls-program
. Emacs will use the binaries from gnutls automatically if they are on your path since gnutls-cli
is the first program to try in the default values of tls-program
.
I suggest using gnutls before trying openssl, it probably comes first in the defaults for a reason.