imaplib python with ssl certificate

Question

I'm trying to use imaplib.IMAP4_SSL function but I'm stuck with this error:

[Errno 336265225] _ssl.c:356: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

try:
        mail = imaplib.IMAP4_SSL(host='imap.gmail.com', port="993", certfile="certIMAP.pem")
except Exception as e:
        print e
        sys.exit()

The certificate has been downloaded with:

echo | openssl s_client -connect imap.gmail.com:993 2>/dev/null | openssl x509 > certIMAP.pem

Permission on the file are ok. If I use the keyfile option, they ask me the cert, and then the same error is obtained. I could not find example for this function with cert specification. Thank you.

Answer 1

While it is not obvious from the documentation I would suggest that the parameters certfile and keyfile are not used to verify the servers certificate (that's how you use it - and keyfile would not make any sense here) but are the optional certificate for the client and it's private key, which some server might require to identify the client (e.g. instead or additionally to password).

To verify the server you usually have something called CA file or CA path (CA = certificate agency) and you don't need a private key here. There seem to be no obvious way for given the CA certificates here, but Certificate Authority for imaplib and poplib python might help you with this.