Closed leecher1337 closed 10 months ago
From the error message given, I suspect that yes, updating your certificates may resolve things here. Have you tried installing certifi?
It's also worth checking that you can connect directly to the O365 server – does openssl s_client -crlf -connect outlook.office365.com:993
work?
Now I have a different error:
2023-11-29 10:50:19,489: Starting SMTP server at 127.0.0.1:2465 (unsecured) proxying smtp.gmail.com:465 (SSL/TLS)
2023-11-29 10:50:19,503: Initialised Email OAuth 2.0 Proxy - listening for authentication requests. Connect your email client to begin
2023-11-29 10:50:30,091: Accepting new connection from 127.0.0.1:43635 to IMAP server at 127.0.0.1:1993 (unsecured) proxying outlook.office365.com:993 (SSL/TLS)
2023-11-29 10:50:30,199: IMAP (127.0.0.1:1993) Caught asyncore info message (server) - error : uncaptured python exception, closing channel <__main__.IMAPOAuth2ServerConnection outlook.office365.com:993 at 0x20af1973320> (<class 'ssl.SSLError'>:[ASN1] nested asn1 error (_ssl.c:4028) [asyncore\asyncore.py|write|91] [emailproxy.py|handle_write_event|1182] [asyncore\asyncore.py|handle_write_event|438] [asyncore\asyncore.py|handle_connect_event|426] [emailproxy.py|handle_connect|1673] [ssl.py|create_default_context|713] [ssl.py|load_default_certs|534] [ssl.py|_load_windows_store_certs|526])
2023-11-29 10:50:30,210: IMAP (127.0.0.1:1993) Caught connection error (server) - SSLError : [ASN1] nested asn1 error (_ssl.c:4028)
I guess, this is a python bug? https://bugs.python.org/issue45312
If I understand this correctly, the application needs to iterate through all certificates and check for the matching one using an exception handler to prevent this error?
Thanks for following up. Could you confirm whether connecting directly via the OpenSSL command listed above works for you?
Yes, connecting directly works:
CONNECTED(000001CC)
depth=1 C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = outlook.com
verify return:1
---
Certificate chain
0 s:C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = outlook.com
i:C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
1 s:C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIIqDCCB5CgAwIBAgIQCH/U32wcLnijDzfG9G6MBDANBgkqhkiG9w0BAQsFADBL
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSUwIwYDVQQDExxE
aWdpQ2VydCBDbG91ZCBTZXJ2aWNlcyBDQS0xMB4XDTIzMTAzMTAwMDAwMFoXDTI0
MTAzMDIzNTk1OVowajELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x
EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv
bjEUMBIGA1UEAxMLb3V0bG9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDCK2kqtkJJsqt5zpGkt4rK6Q9mvgmO6YCWNHSpbDAz7SRaD/IgH/z2
Q96l7ObiDx3TEdRSjNSQh3RmetYsd6ZuZD0tYEjlFSEiT4nA2wf6ZddU6G68kA8L
N18fNl6WwClheoRjL/2yxdlUYNzwolcyt0ovhicDKausDNABl6U3v1YfhL0Z26Hn
IMuTG+Qv8HeWGV+I6c5HKSDlX+Uezccfm6CTbsVLuvRoZi8CvvGpfRAozBRD8L1f
nW+9IY1Eyxmy1YN0Mp1MWajHw+aQCZHTuETFC8yWksG2cuwlsonEf3+3Q1humc+a
6umy8kvDb8DiA/mWsOXvKjZQHOPpNGltAgMBAAGjggVnMIIFYzAfBgNVHSMEGDAW
gBTdUdCiMXOpc66PtAF+XYxXy5/w9zAdBgNVHQ4EFgQUe0FqZtpE+GWo/3mLOvfw
XqP7SzkwggIQBgNVHREEggIHMIICA4IWKi5jbG8uZm9vdHByaW50ZG5zLmNvbYIN
Ki5ob3RtYWlsLmNvbYIWKi5pbnRlcm5hbC5vdXRsb29rLmNvbYIKKi5saXZlLmNv
bYIWKi5ucmIuZm9vdHByaW50ZG5zLmNvbYIMKi5vZmZpY2UuY29tgg8qLm9mZmlj
ZTM2NS5jb22CDSoub3V0bG9vay5jb22CFyoub3V0bG9vay5vZmZpY2UzNjUuY29t
ghthdHRhY2htZW50Lm91dGxvb2subGl2ZS5uZXSCHWF0dGFjaG1lbnQub3V0bG9v
ay5vZmZpY2UubmV0giBhdHRhY2htZW50Lm91dGxvb2sub2ZmaWNlcHBlLm5ldIIW
YXR0YWNobWVudHMub2ZmaWNlLm5ldIIaYXR0YWNobWVudHMtc2RmLm9mZmljZS5u
ZXSCHWNjcy5sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tgiFjY3Mtc2RmLmxvZ2lu
Lm1pY3Jvc29mdG9ubGluZS5jb22CC2hvdG1haWwuY29tghZtYWlsLnNlcnZpY2Vz
LmxpdmUuY29tgg1vZmZpY2UzNjUuY29tggtvdXRsb29rLmNvbYISb3V0bG9vay5v
ZmZpY2UuY29tghRzdWJzdHJhdGUub2ZmaWNlLmNvbYIYc3Vic3RyYXRlLXNkZi5v
ZmZpY2UuY29tMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0
dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGNBgNVHR8EgYUwgYIwP6A9oDuGOWh0
dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydENsb3VkU2VydmljZXNDQS0x
LWcxLmNybDA/oD2gO4Y5aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0
Q2xvdWRTZXJ2aWNlc0NBLTEtZzEuY3JsMHwGCCsGAQUFBwEBBHAwbjAlBggrBgEF
BQcwAYYZaHR0cDovL29jc3B4LmRpZ2ljZXJ0LmNvbTBFBggrBgEFBQcwAoY5aHR0
cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0Q2xvdWRTZXJ2aWNlc0NB
LTEuY3J0MAwGA1UdEwEB/wQCMAAwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB3
AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABi4SrgjMAAAQDAEgw
RgIhAKgwBfEMICwEaJ50oM3eh6QjBcnSBN2j23B1SGKA2y2nAiEA7KrsRp74BGFy
73qFmTPzdbexEHN/tny/1CQna4SL8b4AdwBIsONr2qZHNA/lagL6nTDrHFIBy1bd
LIHZu7+rOdiEcwAAAYuEq4IuAAAEAwBIMEYCIQCECVAUfWoo+LsTTIRNolivZxcX
8YpBzVNZWBxovPO25gIhAJA33TxxTHflYGMS918GjUT7oT7Q7dlZd2o6WZ79+GBn
AHYA2ra/az+1tiKfm8K7XGvocJFxbLtRhIU0vaQ9MEjX+6sAAAGLhKuCDwAABAMA
RzBFAiEA90aaflX6rbOChkttnbPyiBoJnh5DPR0QaEoLCVH4fUECIGuMor+TR/ME
na7lUX+cVNutkRXuA/xNCj8jCjc6GigxMA0GCSqGSIb3DQEBCwUAA4IBAQBhyhec
yaMB3bV7lscDUNkHJrSRtycAxcJTo2D5GNqvUBqUSbPcWbH2XvATZvMX5estvohY
lnzv8d54O43acPviicqRXLLrooAHoV4Vt+4K/6R+7Cqw252XY/oVo7IkCTwU16lh
GTaPCq0VlMPBfkzvt8pILScQZZSY61YGCXPR3XhQmBi5B8YdcW1KoCXz/nh7hT/b
zLEOefBL+DJKauBf9h2y+SwAS6gJZYIHzE1Xfo6vDnuEyotltzoxr/T6z92ZdusC
O7pJeqthTJFNiQ42ATXwH461TuDN8fLp7S6aisUNYGaEHYtt9PP0aBKp48x8F6Yn
EuSmelEdGMrfzGjS
-----END CERTIFICATE-----
subject=C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = outlook.com
issuer=C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 4001 bytes and written 481 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 190D000024D7078019D22888BC1C524DE682C6EEFBB93D1209F85C7E4D1D82F5
Session-ID-ctx:
Master-Key: DBEF7DA40C1B0676A8A6AEC21FFCA3A3BB4C1AD07A70CC808795298465C0FB65A8DFBD4127EDF688E13534BE7AADF05A
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1701355237
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Extended master secret: yes
---
* OK The Microsoft Exchange IMAP4 service is ready. [WgBSADAAUAAyADcAOABDAEEAMAAxADcANQAuAEMASABFAFAAMgA3ADgALgBQAFIATwB
EAC4ATwBVAFQATABPAE8ASwAuAEMATwBNAA==]
QUIT
DONE
OpenSSL 1.1.1n 15 Mar 2022
Thanks for confirming this, and also for the pointer to the Python bug. It looks like the workaround other projects use that is pointed to later in the most recent active issue page may be an option here.
Please can you try inserting this code (for now just copied from here) after the import ssl
line in the proxy, and see whether this fixes the issue?
def _fixed_load_windows_store_certs(self, storename, purpose):
certs = bytearray()
try:
for cert, encoding, trust in enum_certificates(storename):
# CA certs are never PKCS#7 encoded
if encoding == "x509_asn":
if trust is True or purpose.oid in trust:
try:
self.load_verify_locations(cadata=cert)
certs.extend(cert)
except SSLError:
warnings.warn("Bad certificate in Windows certificate store")
except PermissionError:
warnings.warn("unable to enumerate Windows certificate store")
return certs
ssl.SSLContext._load_windows_store_certs = _fixed_load_windows_store_certs
Hi,
Thank you for your attempt to help. Unfortunately, this now involves to install the .py file in order to edit it and in turn requires to install build dependencies, which fails miserably on my Windows machine:
Building wheel for pillow (pyproject.toml) ... error
error: subprocess-exited-with-error
× Building wheel for pillow (pyproject.toml) did not run successfully.
│ exit code: 1
?─> [206 lines of output]
running bdist_wheel
running build
running build_py
creating build
creating build\lib.win32-cpython-311
creating build\lib.win32-cpython-311\PIL
copying src\PIL\BdfFontFile.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\BlpImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\BmpImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\BufrStubImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ContainerIO.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\CurImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\DcxImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\DdsImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\EpsImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ExifTags.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\features.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\FitsImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\FliImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\FontFile.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\FpxImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\FtexImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\GbrImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\GdImageFile.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\GifImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\GimpGradientFile.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\GimpPaletteFile.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\GribStubImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\Hdf5StubImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\IcnsImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\IcoImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\Image.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageChops.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageCms.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageColor.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageDraw.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageDraw2.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageEnhance.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageFile.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageFilter.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageFont.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageGrab.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageMath.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageMode.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageMorph.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageOps.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImagePalette.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImagePath.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageQt.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageSequence.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageShow.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageStat.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageTk.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageTransform.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImageWin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\ImtImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\IptcImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\Jpeg2KImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\JpegImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\JpegPresets.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\McIdasImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\MicImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\MpegImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\MpoImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\MspImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\PaletteFile.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\PalmImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\PcdImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\PcfFontFile.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\PcxImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\PdfImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\PdfParser.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\PixarImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\PngImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\PpmImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\PsdImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\PSDraw.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\PyAccess.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\QoiImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\SgiImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\SpiderImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\SunImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\TarIO.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\TgaImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\TiffImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\TiffTags.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\WalImageFile.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\WebPImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\WmfImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\XbmImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\XpmImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\XVThumbImagePlugin.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\_binary.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\_deprecate.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\_tkinter_finder.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\_util.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\_version.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\__init__.py -> build\lib.win32-cpython-311\PIL
copying src\PIL\__main__.py -> build\lib.win32-cpython-311\PIL
running egg_info
writing src\Pillow.egg-info\PKG-INFO
writing dependency_links to src\Pillow.egg-info\dependency_links.txt
writing requirements to src\Pillow.egg-info\requires.txt
writing top-level names to src\Pillow.egg-info\top_level.txt
reading manifest file 'src\Pillow.egg-info\SOURCES.txt'
reading manifest template 'MANIFEST.in'
warning: no files found matching '*.c'
warning: no files found matching '*.h'
warning: no files found matching '*.sh'
warning: no files found matching '*.txt'
warning: no previously-included files found matching '.appveyor.yml'
warning: no previously-included files found matching '.clang-format'
warning: no previously-included files found matching '.coveragerc'
warning: no previously-included files found matching '.editorconfig'
warning: no previously-included files found matching '.readthedocs.yml'
warning: no previously-included files found matching 'codecov.yml'
warning: no previously-included files found matching 'renovate.json'
warning: no previously-included files matching '.git*' found anywhere in distribution
warning: no previously-included files matching '*.so' found anywhere in distribution
no previously-included directories found matching '.ci'
no previously-included directories found matching 'wheels'
adding license file 'LICENSE'
writing manifest file 'src\Pillow.egg-info\SOURCES.txt'
running build_ext
The headers or library files could not be found for zlib,
a required dependency when compiling Pillow from source.
Please see the install instructions at:
https://pillow.readthedocs.io/en/latest/installation.html
Thus:
2023-12-01 16:02:35: Unable to load all GUI requirements: [ModuleNotFoundError("No module named 'pystray'"), ModuleNotFoundError("No module named 'PIL'"), ModuleNotFoundError("No module named 'timeago'"), ModuleNotFoundError("No module named 'webview'")] - did you mean to run in `--no-gui` mode? If not, please run `python -m pip install -r requirements-gui.t
xt`
2023-12-01 16:02:35: Stopping Email OAuth 2.0 Proxy
Would it be possible for you to make a temporary prebuilt binary for testing and attach it here? I guess trying to get it to run with python on my machine would generate a lot of work that maybe can be avoided as you already have a working build environment and I don't seem to have it.
Does this version work for you?
(Just to be clear, this is not likely to be the final fix as it rather bluntly overrides a function in the ssl
package, which is not necessarily a great idea. However, it should answer the question of whether that function is the root cause of the issue).
I'm assuming that this has been resolved via another route, so I'm going to close this issue. Feel free to re-open if that's not the case.
Hi, I'm currently using Thunderbird to circumvent the auth problem, so it was not a pressing issue. Thank you again for your help! I now finally found time to try it out. Unfortunately, the .exe doesn't run:
I guess, it isn't happy with "issue209" in it?
Here's a version without that issue. Does this work?
(This is still the same blunt monkey patching as the previous version. There's a better approach here, though I think I'd rather avoid getting as involved in the intricacies of SSLContext as that would require)
Hi, Thank you, this one looks good, I can open up the authentication dialog now. Unfortunately the person who set up the account for me seems to have enabled 2FA after 1 month of usage, and this requires some stupid "app" in order to continue which surely doesn't run on my Symbian phone, so I cannot complete the test until 2FA gets disabledv (thank god that at least Thunderbird works with the old token), but regarding the given bug, it seems to have fixed it, I guess.
Hi. Whenever I try to proxy to Office 365 on Windows 10 with the precompiled .exe, I'm receiving these errors:
What can I do about it? Do I need to install some additional certificates into my local Windows certificate store?