[arch-general] claws-mail suddenly seeing "invalid" certificates from gmail?

Mark Raynsford list+org.archlinux.archgeneral at io7m.com
Thu Dec 13 09:50:31 UTC 2018 

Hello!

Apologies if this isn't the right place to ask, but it's not clear what
exactly is at fault here so I thought I'd at least start on this list.

I updated my system yesterday with pacman -Syu, and now Claws is
claiming that pop.gmail.com is sending an invalid certificate whenever
Claws tries to connect to fetch mail. I've not accepted the invalid
certificate.

This is the text of the dialog box that pops up:

--8<--
Certificate for pop.gmail.com has changed.
Certificate is for invalid2.invalid, but connection is to pop.gmail.com.
You may be connecting to a remote server.

Do you want to accept it?

Signature status: Self-signed certificate.

View certificates:

Known certificate:
  Owner:
    Name:     pop.gmail.com
    Org:      Google LLC
    Location: Mountain View, US
  Signer:
    Name:     Google Internet Authority G3
    Org:      Google Trust Services
    Location: US
  Status:
    Fingerprint: MD5: 83:C3:05:91:BA:31:19:5D:0B:AF:97:53:CB:4D:87:8B
                 SHA1:
  B7:47:47:56:62:D4:D6:F4:BA:FA:F1:E7:A9:6B:C3:60:01:EC:E0:CB Signature
  status: Correct Expires on: 2019-02-19 14:02:00 +0000

New certificate:
  Owner:
    Name:     invalid2.invalid
    Org:      <not in certificate>
    Location: <not in certificate>
  Signer:
    Name:     invalid2.invalid
    Org:      <not in certificate>
    Location: <not in certificate>
  Status:
    Fingerprint: MD5: 90:4A:C8:D5:44:5A:D0:6A:10:FF:CD:8B:11:BE:16
                 SHA1:
  42:59:51:7C:D4:E4:8A:28:9D:33:2A:B3:F0:AB:52:A3:66:32:28:24 Signature
  status: Self-signed certificate Expires on: 2030-01-01 00:00:00 +0000
--8<--

This is all I see on stderr:

** (claws-mail:5539): WARNING **: 09:40:22.955: size differ 896 1156
** (claws-mail:5539): WARNING **: 09:40:23.920: can't initialize
SSL/TLS.
** (claws-mail:5539): WARNING **: 09:40:23.920: [09:40:23] SSL/TLS
handshake failed

Other non-Gmail accounts work correctly.

Anyone got any ideas?

-- 
Mark Raynsford | http://www.io7m.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20181213/e974c75e/attachment.sig>

More information about the arch-general mailing list