Bug #222

Gmail SSL cannot be verified.

Added by Edd Barrett almost 3 years ago. Updated 8 months ago.

Status:ResolvedStart date:10/17/2014
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-Spent time:-
Target version:-

Description

Hi,

I'm running sylpheed-3.4.2 on OpenBSD/amd64. When I set up my gmail account and enter my application-specific IMAP password, I get a warning that gmail's SSL server could not be verified:

```
The SSL certificate of imap.gmail.com cannot be verified by the following reason:
unable to get local issuer certificate

Subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
Issuer: /C=US/O=Google Inc/CN=Google Internet Authority G2
Issued date: Sep 24 10:09:05 2014 GMT
Expire date: Dec 23 00:00:00 2014 GMT

SHA1 fingerprint: 2B:AB:9D:FE:EC:44:C8:0D:F7:AD:9D:5C:62:81:D1:B9:36:9B:A2:32
MD5 fingerprint: 4E:EF:3F:F0:5E:72:58:42:3D:DB:5A:90:08:E5:8D:0F

Do you accept this certificate?
```

This makes me very nervous, and I am forced to hit reject.

What I find odd is that my offlineimap config, which connects to the same server, can connect and verify the cert. There I am just using a sslcacertfile option.

Is this a bug in sylpheed, or a misconfiguration, or...?

Thanks

History

#1 Updated by Hiroyuki Yamamoto over 2 years ago

It seems that Sylpheed cannot find appropriate SSL certificates.

Sylpheed looks for them by the following order:

~/.sylpheed-2.0/
~/.sylpheed-2.0/certs/
/etc/ssl/certs/
/etc/ssl/
/etc/

(for each directory, the following certs bundle files are checked)

- ca-certificates.crt
- ca-bundle.crt
- ca-root.crt
- certs.crt

If OpenBSD stores certs bundle in another location,
you have to copy or symlink it to ~/.sylpheed-2.0/certs.crt as a workaround.

#2 Updated by Amit Kulkarni about 1 year ago

Hello,

Edd committed a patch to fix this issue alongwith Daniel Jakots. Can you please add this patch to Sylpheed SVN?

http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/mail/sylpheed/patches/patch-libsylph_ssl_c?rev=1.2&content-type=text/x-cvsweb-markup&hideattic=1

Thanks

#3 Updated by Hiroyuki Yamamoto 8 months ago

  • Status changed from New to Resolved

Fixed in svn r3526. Thanks!

Also available in: Atom PDF