SSLError occurs unexpectedly when refreshing inbox with ssl=True

[hawkins]

The following error is encountered when refreshing inbox with ssl=True: SSLError: [('SSL routines', 'SSL3_GET_RECORD', 'decryption failed or bad record mac')]

This error occurs when using imapclient==1.0.2 with ssl=True. It seems that this does not occur when using ssl=False on some networks, yet on some other networks, setting ssl=False will cause the IMAP server to be unable to connect.

I've tried using imapclient==0.13 to avoid an SSL Version error, but this seems to be the new issue.

Not sure what's going on here, but may have something to do with this SO post on multiprocessing in Python with SSL.

Full stack trace is as follows:

Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 1073, in run
    self.function(*self.args, **self.kwargs)
  File "/home/chrx/git/shawk/shawk/Client.py", line 197, in auto_refresh
    self.refresh()
  File "/home/chrx/git/shawk/shawk/Client.py", line 207, in refresh
    raw_msgs = self.imap.fetch(uids, ['BODY[TEXT]', 'BODY[HEADER.FIELDS (FROM)]', 'INTERNALDATE'])
  File "/usr/local/lib/python2.7/dist-packages/imapclient/imapclient.py", line 972, in fetch
    typ, data = self._imap._command_complete('FETCH', tag)
  File "/usr/lib/python2.7/imaplib.py", line 910, in _command_complete
    typ, data = self._get_tagged_response(tag)
  File "/usr/lib/python2.7/imaplib.py", line 1017, in _get_tagged_response
    self._get_response()
  File "/usr/lib/python2.7/imaplib.py", line 974, in _get_response
    data = self.read(size)
  File "/usr/local/lib/python2.7/dist-packages/imapclient/tls.py", line 181, in read
    return self.file.read(size)
  File "/usr/local/lib/python2.7/dist-packages/backports/ssl/core.py", line 488, in read
    data = _safe_ssl_call(False, self._sock, 'recv', maxbufsize)
  File "/usr/local/lib/python2.7/dist-packages/backports/ssl/core.py", line 222, in _safe_ssl_call
    raise SSLError(*e.args)
SSLError: [('SSL routines', 'SSL3_GET_RECORD', 'decryption failed or bad record mac')]

[hawkins]

I've replaced how threading works in recent commits so here's the latest info on failing to connect.

I'm on another network today, worth mentioning that this network has no proxy. I can only use Shawk successfully with ssl=True on this network.

ssl=False seems to time-out and results in the following error:

Traceback (most recent call last):
  File "./test.py", line 79, in <module>
    c.setup_inbox(pwd, auto=False, ssl=False)
  File "/home/chrx/git/hawkins/shawk/shawk/Client.py", line 177, in setup_inbox
    self.imap = imapclient.IMAPClient('imap.gmail.com', ssl=ssl)
  File "/usr/local/lib/python2.7/dist-packages/imapclient/imapclient.py", line 152, in __init__
    self._imap = self._create_IMAP4()
  File "/usr/local/lib/python2.7/dist-packages/imapclient/imapclient.py", line 166, in _create_IMAP4
    return imap4.IMAP4WithTimeout(self.host, self.port, self._timeout)
  File "/usr/local/lib/python2.7/dist-packages/imapclient/imap4.py", line 13, in __init__
    imaplib.IMAP4.__init__(self, address, port)
  File "/usr/lib/python2.7/imaplib.py", line 173, in __init__
    self.open(host, port)
  File "/usr/lib/python2.7/imaplib.py", line 239, in open
    self.sock = socket.create_connection((host, port))
  File "/usr/lib/python2.7/socket.py", line 575, in create_connection
    raise err
socket.error: [Errno 101] Network is unreachable

Not sure how best to approach this. Should Shawk try to connect with ssl=True by default, then fallback to ssl=False if this fails? Or should it be left up to developers using Shawk to determine which works best for them?

[hawkins]

Found this issue on imapclient that seems to have similar issues. They also suggested using IMAPClient==0.13, like Shawk used to, so the proposed workaround may prove useful.

I've implemented their workaround in a new branch and will test as soon as I encounter a network where ssl=True fails with the master branch's configuration.