2

I am trying to set up isync with ProtonBridge and get the following error:

SSL error connecting 127.0.0.1 (127.0.0.1:1143): self signed certificate

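I understand that this is localhost, so the certificate served is self-signed. In any other e-mail client, for example Thunderbird, you need to confirm a security exception for port 1143 on 127.0.0.1; see step 5 here. I have no idea how to do this in mbsync. Here is my .mbsyncrc: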

IMAPStore user-remote
Host 127.0.0.1
Port 1143
User info@someuser.net
Pass protonbridgepassword
SSLType STARTTLS
CertificateFile /etc/ssl/certs/ca-certificates.crt

MaildirStore user-local
Path ~/Mail/
Inbox ~/Mail/INBOX
Subfolders Verbatim
Flatten .

Channel user
Master :user-remote:
Slave :user-local:
Create Both
Expunge Both
Patterns *
SyncState *

I tried the option SystemCertificates no, also to no avail. Here is the full log:

Reading configuration file /home/user/.mbsyncrc
C: 0/1  B: 0/0  M: +0/0 *0/0 #0/0  S: +0/0 *0/0 #0/0
Channel user
Opening master store user-remote...
Resolving 127.0.0.1... ok
Connecting to 127.0.0.1 (127.0.0.1:1143)... 
Opening slave store user-local...
SSL error connecting 127.0.0.1 (127.0.0.1:1143): self signed certificate
C: 1/1  B: 0/0  M: +0/0 *0/0 #0/0  S: +0/0 *0/0 #0/0
4

2 Answers

2

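You need to copy ProtonBridge's certificate, following the instructions here under Step #1: Get the certificates. The openssl command is a bit different, because you need to specify the STARTTLS protocol when connecting to the local server: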

openssl s_client -starttls imap -connect 127.0.0.1:1143 -showcerts

It should give you something like this:

CONNECTED(00000003)
depth=0 C = CH, O = Proton Technologies AG, OU = ProtonMail, CN = 127.0.0.1
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CH, O = Proton Technologies AG, OU = ProtonMail, CN = 127.0.0.1
verify return:1
---
Certificate chain
 0 s:/C=CH/O=Proton Technologies AG/OU=ProtonMail/CN=127.0.0.1
   i:/C=CH/O=Proton Technologies AG/OU=ProtonMail/CN=127.0.0.1
-----BEGIN CERTIFICATE-----
MIIDizCCAnOgAwIBAgIQBW7/mrcQcB5Iu1POkJ3YNzANBgkqhkiG9w0BAQsFADBX
MQswCQYDVQQGEwJDSDEfMB0GA1UEChMWUHJvdG9uIFRlY2hub2xvZ2llcyBBRzET

(...)

kNvCZidKp31PdIO9IzQn2cI86f2mo1a+ad5dsd1HU4ZB+B3nMiWbQizaFmD3MrgO
cR/KRJtxKTcXQCBLqIi+t2sDFQ8uozs0xYbGHDrCPgCayZLfAVxGCwP2LANnQKw=
-----END CERTIFICATE-----
---
Server certificate
subject=/C=CH/O=Proton Technologies AG/OU=ProtonMail/CN=127.0.0.1
issuer=/C=CH/O=Proton Technologies AG/OU=ProtonMail/CN=127.0.0.1
---
Acceptable client certificate CA names
/C=CH/O=Proton Technologies AG/OU=ProtonMail/CN=127.0.0.1
Client Certificate Types: RSA sign, ECDSA sign
Requested Signature Algorithms:

(...)

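Copy the first block, which begins with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----, paste it into a file and save it with a .pem extension. Assuming you name it protonbridge.pem and then save it in /etc/ssl/certs/, you need to add it to your ~/.mbsyncrc file: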

CertificateFile /etc/ssl/certs/protonbridge.pem

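That should be it; you should now be able to sync. I did not seem to have to copy the root issuer certificate, as mentioned at the end of Step #1 in the link. If you run mbsync -l channel-name, you will see a list of all the mailboxes that will be synced. You may want to add Patterns INBOX Sent if you do not want every folder in your Protonmail account to be synced, including one named "All Mail"!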

Answered 2019-09-04T13:53:39.857
2

As @pusillanimous mentioned in the comment above, I confirm that pointing directly to the certificate of the protonmail bridge works.

So you just need to add the following to your .mbsyncrc:

CertificateFile ~/.config/protonmail/bridge/cert.pem
Answered 2022-01-12T19:19:27.160
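
The manual copy step from the first answer and the on-disk certificate from the second can be combined into one check. The script below is an added example, not part of either answer: it keeps only the first certificate block from the `openssl s_client` output and, when run with `pin`, compares its SHA-256 fingerprint with the bridge's own cert.pem before you reference the file in CertificateFile. The function names, the default output name and the sample output are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original answers): pin the bridge certificate for mbsync.

# Print only the first PEM certificate block read from stdin.
extract_first_cert() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { if (!done) inside = 1 }
        inside                        { print }
        /-----END CERTIFICATE-----/   { if (inside) { inside = 0; done = 1 } }
    '
}

# Constructed sample of `openssl s_client -showcerts` output; the block
# contents are placeholders, not real certificates.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=CH/O=Proton Technologies AG/OU=ProtonMail/CN=127.0.0.1
-----BEGIN CERTIFICATE-----
CONSTRUCTEDFIRSTBLOCK
-----END CERTIFICATE-----
 1 s:/CN=constructed-second-entry
-----BEGIN CERTIFICATE-----
CONSTRUCTEDSECONDBLOCK
-----END CERTIFICATE-----
---
Server certificate
EOF
}

# SHA-256 fingerprint of a PEM certificate file.
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

# Save the certificate served on 127.0.0.1:1143 and, if the bridge's own
# cert.pem exists (path from the second answer), require that both match.
pin_bridge_cert() {
    out=${1:-protonbridge.pem}
    bridge=${2:-$HOME/.config/protonmail/bridge/cert.pem}
    openssl s_client -starttls imap -connect 127.0.0.1:1143 -showcerts \
        </dev/null 2>/dev/null | extract_first_cert > "$out"
    [ -s "$out" ] || { echo "no certificate received" >&2; return 1; }
    fingerprint "$out"
    [ -f "$bridge" ] || return 0
    [ "$(fingerprint "$out")" = "$(fingerprint "$bridge")" ] ||
        { echo "served certificate differs from $bridge" >&2; return 1; }
}

# Only touch the network when asked: sh pin.sh pin [outfile]
if [ "${1:-}" = "pin" ]; then pin_bridge_cert "${2:-}"; fi
```

A fingerprint mismatch means the listener on port 1143 is not presenting the certificate the bridge generated, so the saved file should not be trusted until that is explained.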