Offlineimap with SSL files on OSX

You know that. Every morning you go to your beloved terminal emulator, type in

$ offlineimap

to get some emails and BANG, you're presented with

OfflineIMAP 6.5.5
  Licensed under the GNU GPL v2+ (v2 or any later version)
Account sync Gmail:
 *** Processing account Gmail
 Establishing connection to imap.gmail.com:993
 ERROR: Server SSL fingerprint 'bfef6858bc803af948632c52241d15dd7696b4d2' for hostname 'imap.gmail.com' does not match configured fing
erprint(s) ['606dab919155192b372ebeb390a773ce01c1d2d2'].  Please verify and set 'cert_fingerprint' accordingly if not set yet.
 *** Finished account 'Gmail' in 0:00
ERROR: Exceptions occurred during the run!
ERROR: Server SSL fingerprint 'bfef6858bc803af948632c52241d15dd7696b4d2' for hostname 'imap.gmail.com' does not match configured finge
rprint(s) ['606dab919155192b372ebeb390a773ce01c1d2d2'].  Please verify and set 'cert_fingerprint' accordingly if not set yet.

Traceback:
  File "/usr/local/Cellar/offline-imap/6.5.6/libexec/offlineimap/accounts.py", line 241, in syncrunner
    self.__sync()
  File "/usr/local/Cellar/offline-imap/6.5.6/libexec/offlineimap/accounts.py", line 303, in __sync
    remoterepos.getfolders()
  File "/usr/local/Cellar/offline-imap/6.5.6/libexec/offlineimap/repository/IMAP.py", line 322, in getfolders
    imapobj = self.imapserver.acquireconnection()
  File "/usr/local/Cellar/offline-imap/6.5.6/libexec/offlineimap/imapserver.py", line 409, in acquireconnection
    fingerprint=fingerprint
  File "/usr/local/Cellar/offline-imap/6.5.6/libexec/offlineimap/imaplibutil.py", line 148, in __init__
    super(WrappedIMAP4_SSL, self).__init__(*args, **kwargs)
  File "/usr/local/Cellar/offline-imap/6.5.6/libexec/offlineimap/imaplib2.py", line 2021, in __init__
    IMAP4.__init__(self, host, port, debug, debug_file, identifier, timeout, debug_buf_lvl)
  File "/usr/local/Cellar/offline-imap/6.5.6/libexec/offlineimap/imaplib2.py", line 333, in __init__
    self.open(host, port)
  File "/usr/local/Cellar/offline-imap/6.5.6/libexec/offlineimap/imaplibutil.py", line 165, in open
    "if not set yet.", OfflineImapError.ERROR.REPO)

The certificate fingerprint has changed. Sorry, pal. You need to manually update the fingerprint in your .offlineimaprc if you'd like to proceed reading emails. Bump.

Some massive research on that topic wasn't very fruitful, but ended as usually on StackOverflow. As it turns out, if you install openssl via homebrew¹ all certificates installed in your Keychain are exported to /usr/local/etc/openssl/cert.pem ².

You can take that cert file and use it along with your .offlineimaprc:

ssl=true
sslcacertfile = /usr/local/etc/openssl/cert.pem

Presto. There is no need of adding, or replacing, changed fingerprints anymore. Happy email-reading!