So gmail started returning an invalid ssl certificate when trying to connect to imap from my php app. Is imap effectively dead nowadays? Why nobody seems to care? All the suggested "solutions" involve not checking the ssl certificate and allowing insecure apps to access gmail. What gives? Secure access to one of the biggest email providers using standardized protocol is no longer available? And I'm not even talking about trying to send an email...
@chebra
IOW, gmail does not care about your security and privacy. Surprise 😉
Use a privacy respecting alternative.
I thought about that. But tutanota doesn't have an API yet, nor will ever support imap, so it would mean a complete rewrite, special adapter for each email provider. Why did email become so complicated?
@chebra
I admit I never really researched this, as I have a domain at hetzner, which out of the box fulfills all my email needs (including IMAP).
I'm surprised Tutanota does not have this. Librem One does, but I assume there are others, too!?
https://docs.puri.sm/Librem_One/PureOS/Email.html
@danielst
In the end I traced the problem to openssl. Gmail apparently started requiring SNI with TLS1.3. Instead of failing with an error, they just return a self-signed certificate. Php imap extension uses abandoned library which cannot support SNI. Downgrading openssl to 1.1.0 uses TLS 1.2 which then works with gmail. This is facepalm upon facepalm...