ca-certificates Mac OS X

Posted 2020-02-07 18:36

Question:

I need to install offlineimap and mu4e on emacs. The problem is configuration. When I run offlineimap I get:

OfflineIMAP 6.5.5
Licensed under the GNU GPL v2+ (v2 or any later version)
Thread 'Account sync Gmail' terminated with exception:
Traceback (most recent call last):
File "/usr/local/Cellar/offline-imap/6.5.6/libexec/offlineimap/threadutil.py", line 158, in   run
Thread.run(self)
File "/anaconda/lib/python2.7/threading.py", line 763, in run
self.__target(*self.__args, **self.__kwargs)
File "/usr/local/Cellar/offline-imap/6.5.6/libexec/offlineimap/accounts.py", line 226, in  syncrunner
self.remoterepos = Repository(self, 'remote')
File "/usr/local/Cellar/offline-imap/6.5.6/libexec/offlineimap/repository/__init__.py", line 78, in __new__
return repo(name, account)
File "/usr/local/Cellar/offline-imap/6.5.6/libexec/offlineimap/repository/Gmail.py", line 37, in __init__
IMAPRepository.__init__(self, reposname, account)
File "/usr/local/Cellar/offline-imap/6.5.6/libexec/offlineimap/repository/IMAP.py", line 34, in __init__
self.imapserver = imapserver.IMAPServer(self)
File "/usr/local/Cellar/offline-imap/6.5.6/libexec/offlineimap/imapserver.py", line 83, in __init__
self.sslcacertfile = repos.getsslcacertfile()
File "/usr/local/Cellar/offline-imap/6.5.6/libexec/offlineimap/repository/IMAP.py", line 211, in getsslcacertfile
% (self.name, cacertfile))
SyntaxWarning: CA certfile for repository 'Remote' could not be found. No such file: '/usr/share/curl/ca-bundle.crt.original'


Last 2 debug messages logged for Account sync Gmail prior to exception:
thread: Register new thread 'Account sync Gmail' (account 'Gmail')
imap: Using authentication mechanisms ['GSSAPI', 'CRAM-MD5', 'PLAIN', 'LOGIN']

This is my .offlineimaprc

[general]
accounts = Gmail
maxsyncaccounts = 1
pythonfile = ~/.offlineimap.py

[Account Gmail]
localrepository = Local
remoterepository = Remote

[Repository Local]
type = Maildir
localfolders = ~/Maildir

[Repository Remote]
type = Gmail
remoteuser = enrico.pirani0@gmail.com
remotepasseval = get_password_emacs("imap.gmail.com", "enrico.pirani0@gmail.com", "993")
realdelete = no

folderfilter = lambda foldername: foldername not in ['[Gmail]/Spam', '[Gmail]/All Mail',    '[Gmail]/Starred', '[Gmail]/Important']

holdconnectionopen = true
keepalive = 60
sslcacertfile = /usr/share/curl/ca-bundle.crt.original #??

There is a problem with the Python install and one with the CA certificate. The point is that there isn't any curl-ca-bundle brew package. Is there any other way to install a certificate?

Answer 1:

I had a similar problem (on MacOS 10.10.2, openssl 1.0.2 and offlineimap 6.5.5 both from homebrew) and couldn't get the dummy certificate solution to work. However, I found a certfile that makes offlineimap stop complaining in /usr/local/etc/openssl/cert.pem (which is put there during the installation of openssl through homebrew, brew info openssl tells me). Caveat: I don't know whether this is a good or safe way to do this.



Answer 2:

There is usually no CA certificate bundle on OS X, because SSL libraries typically use Apple's Security Framework internally and obtain certificates from Keychain.

You can create your own bundle from Keychain certificates, though: Open Keychain, navigate to the “Certificates” category in the “System Roots” keychain, and press Command+Shift+E (“Export items”), to save all certificates. I think that Python can handle the PEM format, so be sure to select that.

Alternatively, on OS X 10.6 and newer, the system Python is built against an OpenSSL version which always looks into Keychain as well. Hence, you can create a dummy bundle that only contains a dummy self-signed certificate, and use that in your configuration to make OfflineIMAP shut up. It'll look into the Keychain certificates anyway.

See https://www.mercurial-scm.org/wiki/CACertificates#Mac_OS_X_10.6_and_higher for details.



Answer 3:

A simple way to proceed is to use the curl certificate bundle. I use MacPorts, so this was obtained with

sudo port install curl-ca-bundle

You can then run port contents curl-ca-bundle to see what it installed, and then add the following to ~/.offlineimaprc in the section for your remote account

sslcacertfile = /opt/local/share/curl/curl-ca-bundle.crt

Note that this will also put a link to these certificates as /opt/local/etc/openssl/cert.pem.



Answer 4:

I ran the above command given by @wood-guardian and then ran the following to fix the issue.

ruby -ropenssl -e "p OpenSSL::X509::DEFAULT_CERT_FILE"

Export the result of the above statement to the SSL_CERT_FILE env variable:

export SSL_CERT_FILE=/usr/local/etc/openssl/cert.pem



Answer 5:

I had success on a Mac running 10.6 where I prefer the Homebrew ecosystem by using @patrick-sanan's answer and then symlinking in the MacPorts ecosystem version of cert.pem:

sudo rm /usr/local/etc/openssl
sudo ln -s /opt/local/etc/openssl/cert.pem /usr/local/etc/openssl


Answer 6:

This could happen if you have multiple installations of openssl (say v1.0.2 and 1.1.1). If they were both installed by brew at some point in time, you'll have to uninstall both of them to remove the conflict

brew uninstall --ignore-dependencies --force openssl@1.1
brew uninstall --ignore-dependencies --force openssl

And then reinstall one of them, like

brew install openssl@1.1

Hope this works!
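
Added example, not part of any answer above and not OfflineIMAP's own code: a Python 3 check that reads every sslcacertfile setting from an .offlineimaprc and reports whether the file is missing (the error in the question), unusable, or loadable as a CA bundle. The sample config text and the function names check_cafile and audit_rc are constructed for illustration.

```python
import configparser
import os
import ssl

# Constructed sample mirroring the question's [Repository Remote] section.
SAMPLE_RC = """\
[Repository Local]
type = Maildir
localfolders = ~/Maildir

[Repository Remote]
type = Gmail
sslcacertfile = /usr/share/curl/ca-bundle.crt.original
"""


def check_cafile(path):
    """Return 'missing', 'unusable' or 'ok:<n>' for a CA bundle path."""
    path = os.path.expanduser(path)
    if not os.path.isfile(path):
        return "missing"
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        # Raises when the file holds no parseable PEM certificate.
        ctx.load_verify_locations(cafile=path)
    except OSError:  # ssl.SSLError is a subclass of OSError
        return "unusable"
    # get_ca_certs() lists only certificates usable as CAs.
    return "ok:%d" % len(ctx.get_ca_certs())


def audit_rc(rc_text):
    """Map each repository section that sets sslcacertfile to its status."""
    # interpolation=None so '%' in values (e.g. eval lines) is left alone.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(rc_text)
    return {
        section: check_cafile(cfg[section]["sslcacertfile"])
        for section in cfg.sections()
        if section.startswith("Repository ") and "sslcacertfile" in cfg[section]
    }


if __name__ == "__main__":
    for section, status in audit_rc(SAMPLE_RC).items():
        print(section, "->", status)
    # Where this Python's OpenSSL looks when no cafile is given.
    print("default cafile:", ssl.get_default_verify_paths().cafile)
```

A status of ok:N only shows that the file loads and how many CA certificates it contributes; certificate verification against the IMAP server still depends on which roots those are.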



Tags: python macos ssl