Fetchmail Google SSL Updates

Google appears to update it’s SSL cert nightly which breaks my fetch mail script nightly as well. Here’s a simple python script in case this happens to you!

import ssl
import socket
import hashlib
import sys

addr = 'imap.gmail.com'

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(1)
wrappedSocket = ssl.wrap_socket(sock)

try:
 wrappedSocket.connect((addr, 993))
except:
 response = False
else:
 der_cert_bin = wrappedSocket.getpeercert(True)
 pem_cert = ssl.DER_cert_to_PEM_cert(wrappedSocket.getpeercert(True))
 #print(pem_cert)

#Thumbprint
 thumb_md5 = hashlib.md5(der_cert_bin).hexdigest()
 #print("MD5: " + thumb_md5)

wrappedSocket.close()

cnt = 0

thumb_md5_d = ''

for letter in thumb_md5:
 if cnt%2 == 0 and cnt!=0:
 thumb_md5_d += ':'
 thumb_md5_d += letter
 cnt += 1

thumb_md5_d = thumb_md5_d.upper()

infile = "//home//user//fetchmailrc.tmp"
text = open(infile)

outfile = open('/etc/fetchmailrc', 'w')
outfile.truncate()

textToSearch = 'GOOGLE_FINGERPRINT'

for line in text:
 if textToSearch in line:
 line = line.replace( textToSearch, thumb_md5_d )
 outfile.write(line)

Where fetchmailrc.tmp is this (in addition to whatever else in your fetchmailrc):

poll imap.gmail.com protocol IMAP user "login@gmail.com" there with password "password" is blah@blah.com here nofetchall ssl sslfingerprint 'GOOGLE_FINGERPRINT'

Then you setup a cron job to run it nightly and now you’ve got up to date Google fingerprints!

Leave a Reply

Your email address will not be published. Required fields are marked *