IMAP auth fails with SSLError

[ghost]

I'm trying to use Radciale with an IMAP-authenticated Thunderbird/Lightning client.

I'm installing radicale/git

cd radicale
git log | head
    commit 7b82121c12ca80207b88e21405c495bccde576e8
    Author: Guillaume Ayoub <[email protected]>
    Date:   Tue Sep 22 11:01:33 2015 +0200

        Encode message and committer for git commits (fix #313)

    commit 6babebd315a676e90da61c02c9161ea97894e302
    Author: Guillaume Ayoub <[email protected]>
    Date:   Mon Sep 21 12:14:51 2015 +0200
python3 setup.py install
radicale --version
    1.0.1

launch/exec radicale

python3 /usr/bin/radicale --config=/usr/local/etc/radicale/config

on create of new calendar @ TBird, with url

https://radicale.MYLAN.net:5232/[email protected]/calendar

it fails

    PROPFIND request at /[email protected]/calendar/ received
    Request headers:
    {'CONTENT_LENGTH': '306',
     'CONTENT_TYPE': 'text/xml; charset=utf-8',
     'GATEWAY_INTERFACE': 'CGI/1.1',
     'HTTP_ACCEPT': 'text/xml',
     'HTTP_ACCEPT_CHARSET': 'utf-8,*;q=0.1',
     'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
     'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.5',
     'HTTP_CACHE_CONTROL': 'no-cache',
     'HTTP_CONNECTION': 'keep-alive',
     'HTTP_DEPTH': '0',                                                                          
     'HTTP_DNT': '1',                                                                            
     'HTTP_HOST': 'radicale.MYLAN.net:5232',                                           
     'HTTP_PRAGMA': 'no-cache',                                                                  
     'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; Linux x86_64; rv:41.0) Gecko/20100101 '               
                        'Thunderbird/41.0 Lightning/4.3b2',                                      
     'PATH_INFO': '/[email protected]/calendar/',                                       
     'QUERY_STRING': '',                                                                         
     'REMOTE_ADDR': '10.30.14.15',
     'REMOTE_HOST': '',
     'REQUEST_METHOD': 'PROPFIND',
     'SCRIPT_NAME': '',
     'SERVER_NAME': 'radicale.MYLAN.net',
     'SERVER_PORT': '5232',
     'SERVER_PROTOCOL': 'HTTP/1.1',
     'SERVER_SOFTWARE': 'WSGIServer/0.2',
     'wsgi.errors': <_io.TextIOWrapper name='<stderr>' mode='w' encoding='UTF-8'>,
     'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
     'wsgi.input': <_io.BufferedReader name=6>,
     'wsgi.multiprocess': False,
     'wsgi.multithread': True,
     'wsgi.run_once': False,
     'wsgi.url_scheme': 'http',
     'wsgi.version': (1, 0)}
    Sanitized path: /[email protected]/calendar/
    Rights type 'owner_only'
    Test if ':[email protected]/calendar' matches against '.+:^(/.*)?$' from section 'rw'
    Anonymous has NO read access to collection [email protected]/calendar/
    Rights type 'owner_only'
    Test if ':[email protected]/calendar' matches against '.+:^(/.*)?$' from section 'rw'
    Anonymous has NO write access to collection [email protected]/calendar/
    Request content:
    <?xml version="1.0" encoding="UTF-8"?>
    <D:propfind xmlns:D="DAV:" xmlns:CS="http://calendarserver.org/ns/" xmlns:C="urn:ietf:params:xml:ns:caldav"><D:prop><D:resourcetype/><D:owner/><D:current-user-principal/><D:supported-report-set/><C:supported-calendar-component-set/><CS:getctag/></D:prop></D:propfind>
    Anonymous user refused
    Answer status: 401 Unauthorized
    PROPFIND request at /[email protected]/calendar/ received
    Request headers:
    {'CONTENT_LENGTH': '306',
     'CONTENT_TYPE': 'text/xml; charset=utf-8',
     'GATEWAY_INTERFACE': 'CGI/1.1',
     'HTTP_ACCEPT': 'text/xml',
     'HTTP_ACCEPT_CHARSET': 'utf-8,*;q=0.1',
     'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
     'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.5',
     'HTTP_AUTHORIZATION': 'Basic '
                           'a5jZS1UXzIwMTQncm91cC5jb206YmxhdFVtTyExUkF2Vyc0BwcmVzZW=',
     'HTTP_CACHE_CONTROL': 'no-cache',
     'HTTP_CONNECTION': 'keep-alive',
     'HTTP_DEPTH': '0',
     'HTTP_DNT': '1',
     'HTTP_HOST': 'radicale.MYLAN.net:5232',
     'HTTP_PRAGMA': 'no-cache',
     'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; Linux x86_64; rv:41.0) Gecko/20100101 '
                        'Thunderbird/41.0 Lightning/4.3b2',
     'PATH_INFO': '/[email protected]/calendar/',
     'QUERY_STRING': '',
     'REMOTE_ADDR': '10.30.14.15',
     'REMOTE_HOST': '',
     'REQUEST_METHOD': 'PROPFIND',
     'SCRIPT_NAME': '',
     'SERVER_NAME': 'radicale.MYLAN.net',
     'SERVER_PORT': '5232',
     'SERVER_PROTOCOL': 'HTTP/1.1',
     'SERVER_SOFTWARE': 'WSGIServer/0.2',
     'wsgi.errors': <_io.TextIOWrapper name='<stderr>' mode='w' encoding='UTF-8'>,
     'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
     'wsgi.input': <_io.BufferedReader name=6>,
     'wsgi.multiprocess': False,
     'wsgi.multithread': True,
     'wsgi.run_once': False,
     'wsgi.url_scheme': 'http',
     'wsgi.version': (1, 0)}
    Sanitized path: /[email protected]/calendar/
    Connecting to IMAP server mx.MAILSERVER.net:143.
    Traceback (most recent call last):
      File "/usr/lib64/python3.4/wsgiref/handlers.py", line 137, in run
        self.result = application(self.environ, self.start_response)
      File "/usr/lib/python3.4/site-packages/Radicale-1.0.1-py3.4.egg/radicale/__init__.py", line 306, in __call__
        is_authenticated = auth.is_authenticated(user, password)
      File "/usr/lib/python3.4/site-packages/Radicale-1.0.1-py3.4.egg/radicale/auth/IMAP.py", line 57, in is_authenticated
        connection = imaplib.IMAP4_SSL(host=IMAP_SERVER, port=IMAP_SERVER_PORT)
      File "/usr/lib64/python3.4/imaplib.py", line 1222, in __init__
        IMAP4.__init__(self, host, port)
      File "/usr/lib64/python3.4/imaplib.py", line 181, in __init__
        self.open(host, port)
      File "/usr/lib64/python3.4/imaplib.py", line 1236, in open
        IMAP4.open(self, host, port)
      File "/usr/lib64/python3.4/imaplib.py", line 257, in open
        self.sock = self._create_socket()
      File "/usr/lib64/python3.4/imaplib.py", line 1228, in _create_socket
        server_hostname=server_hostname)
      File "/usr/lib64/python3.4/ssl.py", line 364, in wrap_socket
        _context=self)
      File "/usr/lib64/python3.4/ssl.py", line 578, in __init__
        self.do_handshake()
      File "/usr/lib64/python3.4/ssl.py", line 805, in do_handshake
        self._sslobj.do_handshake()
    ssl.SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:598)

where

cat /usr/local/etc/radicale/config
    [server]
    hosts = 10.30.14.15:5232
    daemon = False
    pid = /var/run/radicale.pid
    ssl = True
    certificate = /usr/local/etc/radicale/ssl/server.crt
    key = /usr/local/etc/radicale/ssl/server.key

    protocol = PROTOCOL_SSLv23
    ciphers = DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!RC4:!DES:!SSLv2:!MD5;
    dns_lookup = True
    base_prefix = /
    can_skip_base_prefix = False
    realm = Radicale - Password Required

    [encoding]
    request = utf-8
    stock = utf-8

    [well-known]
    caldav = '/%(user)s/caldav/'
    carddav = '/%(user)s/carddav/'


    [auth]
    type = IMAP
    imap_hostname = mx.MAILSERVER.net
    imap_port = 143
    imap_ssl = True

    [git]
    # Git default options
    #committer = Radicale <[email protected]>

    [rights]
    type = owner_only
    #custom_handler =
    file = /usr/local/etc/radicale/rights

    [storage]
    type = filesystem
    #custom_handler =
    filesystem_folder = /usr/local/etc/radicale/collections

    [logging]
    debug = True
    full_environment = False

    [headers]
    # Additional HTTP headers
    #  Access-Control-Allow-Origin = *

[LipuFei]

Looks like in your config file, imap_port could be wrong. Because you are using SSL, should it be 993 instead? Otherwise, set imap_ssl to False.

[liZe]

@pgnd did you try the solution proposed by LipuFei?

[Unrud]

IMAP auth was removed in Radicale 2.0.0.