Trouble opening gmail nnimap server in Emacs gnus on Windows

Question

I'm trying to use Emacs gnus to connect to my gmail account. This is the relevant configuration code, taken mostly from here:

(setq tls-program '("openssl s_client -CAfile C:/Users/GGustafson/gmail.crt -connect %h:%p -no_ssl2 -ign_eof"))

(setq gnus-select-method '(nnimap "gmail"
  (nnimap-address "imap.gmail.com")  
  (nnimap-server-port 993)
  (nnimap-stream ssl)
  (nnimap-authinfo-file "~/.authinfo")))

(setq message-send-mail-function 'smtpmail-send-it
 smtpmail-starttls-credentials '(("smtp.gmail.com" 587 nil nil))
  smtpmail-auth-credentials '(("smtp.gmail.com" 587 "[email protected]" nil))
  smtpmail-default-smtp-server "smtp.gmail.com"
  smtpmail-smtp-server "smtp.gmail.com"
  smtpmail-smtp-service 587)

When I reboot, launch emacs, and do M-x gnus, I get these *Messages*:

Opening connection to imap.gmail.com via tls...
gnutls.c: [1] (Emacs) GnuTLS library not found
Opening TLS connection to `imap.gmail.com'...
Opening TLS connection with `openssl s_client -CAfile C:/Users/GGustafson/gmail.crt -connect imap.gmail.com:993 -no_ssl2 -ign_eof'...done
Opening TLS connection to `imap.gmail.com'...done
nnimap (gmail) open error: 'depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority^M
'.  Continue? (y or n)  y

What exactly is happening here? Previously I was getting some verify error:num=20:unable to get local issuer certificate errors, but I fixed those by following these instructions, which had me add the -CAfile parameter with a copy of the appropriate certificate.

To confirm that, I can do this:

C:\Users\GGustafson>openssl s_client -CAfile C:/Users/GGustafson/gmail.crt -connect imap.gmail.com:993 -no_ssl2 -ign_eof
CONNECTED(00000003)
depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority verify return:1
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify return:1
depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2 verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = imap.gmail.com verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
****SNIP****
    Start Time: 1387083719
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
* OK Gimap ready for requests from 128.84.124.191 el7if9939594qeb.109

What am I missing to be able to read my Gmail with gnus? I'm on Windows 7 using Cygwin openssl.

Answer 1

What worked for me is using a gnutls port for windows instead of openssl, and removing any customization of tls-program. Emacs will use the binaries from gnutls automatically if they are on your path since gnutls-cli is the first program to try in the default values of tls-program.

I suggest using gnutls before trying openssl, it probably comes first in the defaults for a reason.

Answer 2

One thing I needed to do on Windows 7 to connect to gmail from gnus was:

;; So gnutls can find trustfiles on windows
(eval-after-load "gnutls"
'(progn
  (setq gnutls-trustfiles '("c:/cygwin/usr/ssl/certs/ca-bundle.trust.crt" "c:/cygwin/usr/ssl/certs/ca-bundle.crt"))))

Other than that, rest of setup is similar:

(setq gnus-secondary-select-methods
      '(
    (nnimap "gmail"
           (nnimap-address "imap.gmail.com")
           (nnimap-server-port 993)
           (nnimap-stream ssl)
           (nnir-search-engine imap)
           (nnimap-authinfo-file "~/.authinfo")
           )
    (nntp "news.gmane.org")
    (nnfolder "archive"
      (nnfolder-directory   "~/Documents/Text/Gnus/Mail/archive")
      (nnfolder-active-file "~/Documents/Text/Gnus/Mail/archive/active")
      (nnfolder-get-new-mail nil)
      (nnfolder-inhibit-expiry t))))

Able to read mail fine from gmail.