Earlier today, I updated to 3.10.1-121 and fired up 2 instances as usual. Then, after ~1.5 hours away from system, came back to dialogs about new gmail SSL certificates, so I accepted. On one instance, CM status bar is now showing: "Account '<gmail_account>': Connecting to POP3 server: pop.gmail.com:995..." The UI is unresponsive. Connected strace and get lots of output as I move the mouse across the CM window; but CM still hung... Oh GREAT!!! Now, the other instance is hung on a gmail account...
Interesting... restarted one instance, got another SSL certificate dialog for a gmail account and CM locked up again even though I Acked it within a few seconds...
I've got 3.10.1-2 on Debian Testing (Jessie) and I'm getting some GMail SSL certificate change notifications similar to yours. If I accept the new cert it works fine. If I am away from the computer and I accept the cert when I get back then I get errors because the POP connection timed out. After the errors are cleared up it checks other accounts, but it does not come back to GMail (I must check it manually). I am not having any trouble with hanging/crashing. I only run one instance at a time. Maybe that information can assist you in testing (update your application).
(In reply to comment #2) > I've got 3.10.1-2 on Debian Testing (Jessie) and I'm getting some GMail SSL > certificate change notifications similar to yours. If I accept the new cert > it works fine. If I am away from the computer and I accept the cert when I > get back then I get errors because the POP connection timed out. After the > errors are cleared up it checks other accounts, but it does not come back to > GMail (I must check it manually). > > I am not having any trouble with hanging/crashing. I only run one instance > at a time. > > Maybe that information can assist you in testing (update your application). They seem to be switching between these two certs (almost every time I check my mail I get prompted to save the 'new' cert): http://www.zimagez.com/zimage/screenshot-080714-062305pm.php http://www.zimagez.com/zimage/screenshot-080714-060328pm.php
(In reply to comment #2) > I've got 3.10.1-2 on Debian Testing (Jessie) and I'm getting some GMail SSL > certificate change notifications similar to yours. If I accept the new cert > it works fine. If I am away from the computer and I accept the cert when I > get back then I get errors because the POP connection timed out. After the > errors are cleared up it checks other accounts, but it does not come back to > GMail (I must check it manually). > > I am not having any trouble with hanging/crashing. I only run one instance > at a time. > > Maybe that information can assist you in testing (update your application). veuillez m’excuser... there is no need to update your application. ><
Created attachment 1414 [details] gmail certs I captured this screen shot of both my CM instances SSL certs. I'm not familiar with the rules for handling these; but I noticed that the toggling certs bounce back and forth between 2 specific certs. Closer inspection shows that one is set to expire 09/01/14 and the other 09/29/14... When a "new" cert's expiration date is sooner, would it be acceptable to ignore it and keep the current, longer lasting one? Probably a dumb question... :)
You know you that under SSL in the Account setting you can set it to automatically accept Valid but unknown certificates. I have a little used gmail account set-up as pop3 Not imap and I have never had an issue with the with the certificates with clawse set to "accept Valid but unknown certificates". Charles
(In reply to comment #6) > You know you that under SSL in the Account setting you can set it to > automatically > accept Valid but unknown certificates. > > I have a little used gmail account set-up as pop3 Not imap and I have never > had an issue with the with the certificates with clawse set to "accept Valid > but unknown certificates". > > Charles You can set 'accept valid but unknown certs' as Charles recommends above or you can change the server to pop.googlemail.com - it seems to have a 'stable' cert. Note that if you change the server then your mail will redownload (assuming it is still on the server) and you'll have some de-duplication to do.
(In reply to comment #7) > (In reply to comment #6) > > You know you that under SSL in the Account setting you can set it to > > automatically > > accept Valid but unknown certificates. > > > > I have a little used gmail account set-up as pop3 Not imap and I have never > > had an issue with the with the certificates with clawse set to "accept Valid > > but unknown certificates". > > > > Charles > > You can set 'accept valid but unknown certs' as Charles recommends above or > you can change the server to pop.googlemail.com - it seems to have a > 'stable' cert. > Note that if you change the server then your mail will redownload (assuming > it is still on the server) and you'll have some de-duplication to do. I'm getting the same problem with pop.googlemail.com now
OK... it's possible an SSL dialog was on another desktop... :P Based on the ridiculous number of dialogs I'm having to accept, I think that is most likely what initially happened... Anyway, the gmail cert issue is driving me nuts because I have multiple gmail accounts on each CM instance and each account goes through this... :P :P Ah... Thanks Charles! That seems to have stopped the issue... I've unchecked one account to see if the cert changes have stopped... Questions: "Automatically accept unknown valid SSL certificates" seems oxymoronic... In the screen shot, they appear valid and 'known' (however that might be defined)... Could this be better worded? Maybe: "Automatically accept valid SSL certificates" -- what's "unknown" about these gmail certs? From comment 5: When a "new" cert's expiration date is sooner, would it be acceptable[1] to ignore it and keep the current, longer lasting one? [without requiring an option?] [1] Tried reading part of RFC5426; but I don't have enough experience with certs to grok it.