A generator that updates certificate fingerprints in .offlineimaprc

A generator that updates the cert_fingerprint lines in the .offlineimaprc configuration file. OfflineIMAP is GPLv2 software that makes your mailbox(es) available as local Maildir(s). Combined with notmuch, it lets you retrieve mail from (several) IMAP servers and read and search through it.

The configuration contains cert_fingerprint lines that store the fingerprints of the servers' certificates. These get outdated frequently and need to be updated. The updating is a bit of a hassle, hence this automated solution, which generates a .offlineimaprc file from a template file .offlineimaprct (created by you).

GUIs, TUIs and CLUIs

Although I strongly adhere to the "when there's a TUI, don't use a GUI and when there's a CLUI, don't use a TUI" adage, there are good GUIs for web browsing and e-mail. But OfflineIMAP creates a great local backup of the e-mails on your server, which can be searched through very fast using notmuch.

Turtle and openssl

Turtle

Turtle is a reimplementation of the Unix command line environment in Haskell so that you can use Haskell as a scripting language or a shell. Think of turtle as coreutils embedded within the Haskell language.

openssl

OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit for the Transport Layer Security (TLS) protocol formerly known as the Secure Sockets Layer (SSL) protocol. The protocol implementation is based on a full-strength general purpose cryptographic library, which can also be used stand-alone.

The openssl command that is used by the generator to retrieve certificate fingerprints is as follows:

openssl s_client -connect youremailserverbasedomain:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin

Back up your OfflineIMAP configuration

First, back up your .offlineimaprc configuration file, e.g. as follows:

cp ~/.offlineimaprc ~/.offlineimaprc.backup

.offlineimaprct template

Copy your .offlineimaprc file to .offlineimaprct and execute the generator program. Use the -v option to get verbose output.

.offlineimaprct (example)

# Sample configuration file
# Copyright (C) 2002-2011 John Goerzen & contributors
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

# Looking for a quick start?  Take a look at offlineimap.conf.minimal.

##################################################
# General definitions
##################################################

[general]
metadata = ~/.offlineimap
accounts = Contact,Private

# Set to the number of accounts.
maxsyncaccounts = 2

ui = machineui
ignore-readonly = no
[mbnames]
enabled = no
filename = ~/Mutt/muttrc.mailboxes
header = "mailboxes "
peritem = "+%(accountname)s/%(foldername)s"
sep = " "
footer = "\n"
[ui.Curses.Blinkenlights]
statuschar = .
postsynchook = ~/bin/offlineimap-postsync.sh

##################################################
# Accounts
##################################################

[Account Contact]
localrepository = LocalContact
remoterepository = RemoteContact
[Repository LocalContact]
type = Maildir
localfolders = ~/notmuch/contact
sep = .
restoreatime = no
[Repository RemoteContact]
type = IMAP
remotehost = mail.contactdomainname.com
ssl = yes
cert_fingerprint = hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh
remoteuser = contact@contactdomainname.com
remotepass = passwordgoeshere
maxconnections = 2
holdconnectionopen = no
subscribedonly = no
readonly = True

[Account Private]
localrepository = LocalPrivate
remoterepository = RemotePrivate
[Repository LocalPrivate]
type = Maildir
localfolders = ~/notmuch/private
sep = .
restoreatime = no
[Repository RemotePrivate]
type = IMAP
remotehost = mail.privatedomainname.com
ssl = yes
cert_fingerprint = hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh:hh
remoteuser = private@privatedomainname.com
remotepass = passwordgoeshere
maxconnections = 2
holdconnectionopen = no
subscribedonly = no
readonly = True
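
The template-to-configuration step, sketched in POSIX shell as an added example; this is not the OfflineImapGenerator source, which is written in Haskell. It validates the openssl output before using it and replaces the configuration only when every lookup succeeded. The function names and the FETCH hook are hypothetical, and it assumes that remotehost precedes cert_fingerprint in each section and that the host is queried as given (the post's command uses the server's base domain).

```shell
#!/bin/sh
# Read `openssl x509 -fingerprint -noout` output on stdin and print the
# fingerprint in lowercase; fail unless it is exactly 20 hex bytes (SHA-1 size).
parse_fingerprint() {
    fp=$(sed -n 's/^.*[Ff]ingerprint=//p' | tr 'A-F' 'a-f' | head -n 1)
    printf '%s\n' "$fp" | grep -Eq '^([0-9a-f]{2}:){19}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$fp"
}

# The post's openssl command for host $1. Assumption: the host is queried as
# given, whereas the post connects to the server's base domain.
fetch_fingerprint() {
    openssl s_client -connect "$1:443" </dev/null 2>/dev/null |
        openssl x509 -fingerprint -noout -in /dev/stdin 2>/dev/null |
        parse_fingerprint
}

# Print template $1 with every cert_fingerprint value replaced. Assumption:
# remotehost precedes cert_fingerprint inside each [Repository ...] section.
# FETCH (hypothetical hook) names the lookup command, so it can be stubbed.
render_template() {
    host=''
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '['*) host='' ;;
            remotehost*) host=$(printf '%s\n' "$line" | sed 's/^[^=]*=[[:space:]]*//') ;;
            cert_fingerprint*)
                [ -n "$host" ] || { echo "cert_fingerprint without remotehost" >&2; return 1; }
                fp=$("${FETCH:-fetch_fingerprint}" "$host") ||
                    { echo "no valid fingerprint for $host" >&2; return 1; }
                line="cert_fingerprint = $fp" ;;
        esac
        printf '%s\n' "$line"
    done < "$1"
}

# Generate $2 from template $1. The result is written to a temporary file and
# only moved into place when every lookup succeeded, so a failed or garbled
# lookup leaves the existing configuration untouched. Mode 600: the file
# holds remotepass.
update_config() {
    tmp=$(mktemp) || return 1
    if render_template "$1" > "$tmp"; then
        chmod 600 "$tmp" && mv "$tmp" "$2"
    else
        rm -f "$tmp"; return 1
    fi
}
```

Compare the generated file with the backup before using it: a fingerprint that changed when no certificate renewal was expected is exactly what cert_fingerprint pinning is meant to surface.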

Cloning the project and its submodules

git clone --recurse-submodules https://github.com/maridonkers/OfflineImapGenerator

If the publicsuffix-haskell submodule is not created, then clone it manually, as follows:

cd OfflineImapGenerator
git clone https://github.com/wereHamster/publicsuffix-haskell/

Note: publicsuffix-haskell is in a submodule because you may want to bump it (use script/bump) to a more recent Public Suffix List.

Building and executing

See the Makefile. Under NixOS, first use make shell before the other make commands.

cd OfflineImapGenerator/offlineimapgenerator
make rebuild
make run

To get the full path to the built executable, use make ls, and e.g. ln -s to create a symbolic link to it.

See the source code at maridonkers/OfflineImapGenerator on GitHub.

Disclaimer

This is a 'one shot' program (excuse my Haskell) that I'm using myself but have not checked extensively, nor cleaned up the code. If I find some time or run into bugs then I'll clean it up (probably).
