Trouble opening gmail nnimap server in Emacs gnus

2019-02-26 07:56发布

I'm trying to use Emacs gnus to connect to my gmail account. This is the relevant configuration code, taken mostly from here:

(setq tls-program '("openssl s_client -CAfile C:/Users/GGustafson/gmail.crt -connect %h:%p -no_ssl2 -ign_eof"))

(setq gnus-select-method '(nnimap "gmail"
  (nnimap-address "imap.gmail.com")  
  (nnimap-server-port 993)
  (nnimap-stream ssl)
  (nnimap-authinfo-file "~/.authinfo")))

(setq message-send-mail-function 'smtpmail-send-it
 smtpmail-starttls-credentials '(("smtp.gmail.com" 587 nil nil))
  smtpmail-auth-credentials '(("smtp.gmail.com" 587 "gordon3.14@gmail.com" nil))
  smtpmail-default-smtp-server "smtp.gmail.com"
  smtpmail-smtp-server "smtp.gmail.com"
  smtpmail-smtp-service 587)

When I reboot, launch emacs, and do M-x gnus, I get these *Messages*:

Opening connection to imap.gmail.com via tls...
gnutls.c: [1] (Emacs) GnuTLS library not found
Opening TLS connection to `imap.gmail.com'...
Opening TLS connection with `openssl s_client -CAfile C:/Users/GGustafson/gmail.crt -connect imap.gmail.com:993 -no_ssl2 -ign_eof'...done
Opening TLS connection to `imap.gmail.com'...done
nnimap (gmail) open error: 'depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority^M
'.  Continue? (y or n)  y

What exactly is happening here? Previously I was getting some verify error:num=20:unable to get local issuer certificate errors, but I fixed those by following these instructions, which had me add the -CAfile parameter with a copy of the appropriate certificate.

To confirm that, I can do this:

C:\Users\GGustafson>openssl s_client -CAfile C:/Users/GGustafson/gmail.crt -connect imap.gmail.com:993 -no_ssl2 -ign_eof
CONNECTED(00000003)
depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority verify return:1
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify return:1
depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2 verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = imap.gmail.com verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
****SNIP****
    Start Time: 1387083719
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
* OK Gimap ready for requests from 128.84.124.191 el7if9939594qeb.109

What am I missing to be able to read my Gmail with gnus? I'm on Windows 7 using Cygwin openssl.

2条回答
来,给爷笑一个
2楼-- · 2019-02-26 08:25

One thing I needed to do on Windows 7 to connect to gmail from gnus was:

;; So gnutls can find trustfiles on windows
(eval-after-load "gnutls"
'(progn
  (setq gnutls-trustfiles '("c:/cygwin/usr/ssl/certs/ca-bundle.trust.crt" "c:/cygwin/usr/ssl/certs/ca-bundle.crt"))))

Other than that, rest of setup is similar:

(setq gnus-secondary-select-methods
      '(
    (nnimap "gmail"
           (nnimap-address "imap.gmail.com")
           (nnimap-server-port 993)
           (nnimap-stream ssl)
           (nnir-search-engine imap)
           (nnimap-authinfo-file "~/.authinfo")
           )
    (nntp "news.gmane.org")
    (nnfolder "archive"
      (nnfolder-directory   "~/Documents/Text/Gnus/Mail/archive")
      (nnfolder-active-file "~/Documents/Text/Gnus/Mail/archive/active")
      (nnfolder-get-new-mail nil)
      (nnfolder-inhibit-expiry t))))

Able to read mail fine from gmail.

查看更多
手持菜刀,她持情操
3楼-- · 2019-02-26 08:42

What worked for me is using a gnutls port for windows instead of openssl, and removing any customization of tls-program. Emacs will use the binaries from gnutls automatically if they are on your path since gnutls-cli is the first program to try in the default values of tls-program.

I suggest using gnutls before trying openssl, it probably comes first in the defaults for a reason.

查看更多
登录 后发表回答