[arch-general] claws-mail suddenly seeing "invalid" certificates from gmail?
Hello! Apologies if this isn't the right place to ask, but it's not clear what exactly is at fault here so I thought I'd at least start on this list. I updated my system yesterday with pacman -Syu, and now Claws is claiming that pop.gmail.com is sending an invalid certificate whenever Claws tries to connect to fetch mail. I've not accepted the invalid certificate. This is the text of the dialog box that pops up: --8<-- Certificate for pop.gmail.com has changed. Certificate is for invalid2.invalid, but connection is to pop.gmail.com. You may be connecting to a remote server. Do you want to accept it? Signature status: Self-signed certificate. View certificates: Known certificate: Owner: Name: pop.gmail.com Org: Google LLC Location: Mountain View, US Signer: Name: Google Internet Authority G3 Org: Google Trust Services Location: US Status: Fingerprint: MD5: 83:C3:05:91:BA:31:19:5D:0B:AF:97:53:CB:4D:87:8B SHA1: B7:47:47:56:62:D4:D6:F4:BA:FA:F1:E7:A9:6B:C3:60:01:EC:E0:CB Signature status: Correct Expires on: 2019-02-19 14:02:00 +0000 New certificate: Owner: Name: invalid2.invalid Org: <not in certificate> Location: <not in certificate> Signer: Name: invalid2.invalid Org: <not in certificate> Location: <not in certificate> Status: Fingerprint: MD5: 90:4A:C8:D5:44:5A:D0:6A:10:FF:CD:8B:11:BE:16 SHA1: 42:59:51:7C:D4:E4:8A:28:9D:33:2A:B3:F0:AB:52:A3:66:32:28:24 Signature status: Self-signed certificate Expires on: 2030-01-01 00:00:00 +0000 --8<-- This is all I see on stderr: ** (claws-mail:5539): WARNING **: 09:40:22.955: size differ 896 1156 ** (claws-mail:5539): WARNING **: 09:40:23.920: can't initialize SSL/TLS. ** (claws-mail:5539): WARNING **: 09:40:23.920: [09:40:23] SSL/TLS handshake failed Other non-Gmail accounts work correctly. Anyone got any ideas? -- Mark Raynsford | http://www.io7m.com
Hi Mark,
Claws is claiming that pop.gmail.com is sending an invalid certificate whenever Claws tries to connect to fetch mail. ... New certificate: Owner: Name: invalid2.invalid
https://www.linuxquestions.org/questions/slackware-14/openssl-1-1-1-upgrade-... suggests forcing Claws to use a higher-grade of SSL/TLS may help. I've no idea how to do that. :-) -- Cheers, Ralph. https://plus.google.com/+RalphCorderoy
On 2018-12-13T10:03:22 +0000 Ralph Corderoy <ralph@inputplus.co.uk> wrote:
Hi Mark,
Claws is claiming that pop.gmail.com is sending an invalid certificate whenever Claws tries to connect to fetch mail. ... New certificate: Owner: Name: invalid2.invalid
https://www.linuxquestions.org/questions/slackware-14/openssl-1-1-1-upgrade-... suggests forcing Claws to use a higher-grade of SSL/TLS may help. I've no idea how to do that. :-)
Ah, good catch, thanks! I don't see anything relevant in the account settings. This might be something that the Claws people have to fix. I'll ask! -- Mark Raynsford | http://www.io7m.com
On 2018-12-13T10:03:22 +0000 Ralph Corderoy <ralph@inputplus.co.uk> wrote:
https://www.linuxquestions.org/questions/slackware-14/openssl-1-1-1-upgrade-... suggests forcing Claws to use a higher-grade of SSL/TLS may help. I've no idea how to do that. :-)
Claws needs a patch to set SNI. I was directed to a patch by one of the Claws developers and it fixes the issue: https://lists.claws-mail.org/pipermail/users/2018-December/023434.html -- Mark Raynsford | http://www.io7m.com
participants (2)
-
Mark Raynsford
-
Ralph Corderoy