3463 – Repeatedly states that "SSL Certificate has changed" with AT&T email

Bug 3463 - Repeatedly states that "SSL Certificate has changed" with AT&T email

Summary: Repeatedly states that "SSL Certificate has changed" with AT&T email

Status:	RESOLVED INVALID

Alias:	None

Product:	Claws Mail (GTK 2)
Classification:	Unclassified
Component:	Other (show other bugs)
Version:	other
Hardware:	PC Linux

Importance:	P3 major
Assignee:	users

URL:

Depends on:
Blocks:

Reported:	2015-07-08 22:49 UTC by lbickley
Modified:	2015-07-09 21:00 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Snapshot of error display (71.42 KB, image/png) 2015-07-08 22:49 UTC, lbickley	no flags	Details
Certificate Change (152.34 KB, image/jpeg) 2015-07-09 02:52 UTC, daniel	no flags	Details
Certificate Change 2 (157.13 KB, image/jpeg) 2015-07-09 10:12 UTC, daniel	no flags	Details
Claws saved Certificate (39.48 KB, image/png) 2015-07-09 19:52 UTC, lbickley	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Description lbickley 2015-07-08 22:49:53 UTC

Created attachment 1533 [details]
Snapshot of error display

Running:
Claws Mail version 3.11.1-193-gffd369
OpenSUSE 13.2 SMP PREEMPT Mon Oct 20 13:47:22 UTC 2014 (feb42ea) x86_64 x86_64 x86_64 GNU/Linux

Claims that the certificate for "inbound.att.net" has changed and that the signature status is "no certificate issuer found". See attached snapshot of error display.

Regards, Lyle

Comment 1 daniel 2015-07-08 22:56:26 UTC

I am seeing this behaviour with 3.10.1 windows build and with one google apps imap account. it does not happen every time, but it happened 5+ times already. I will post screenshot when it will happen again.

Comment 2 lbickley 2015-07-09 01:55:52 UTC

I should have mentioned that on the error prompt, I always "Accept and Save" - since the new Certificate is valid. But Claws acts like the save is never done; i.e., the same error message will appear a short time later - and subsequently several times a day.

Comment 3 daniel 2015-07-09 02:52:56 UTC

Created attachment 1534 [details]
Certificate Change

And here is my promised screenshot.

Comment 4 Paul 2015-07-09 07:27:34 UTC

The image clearly shows that the certificate has changed. This is not an error.

If you don't want to be alerted each time the certificate changes then go to the SSL page of the account preferences and tick the box that says, 'Automatically accept unknown valid SSL certificates'. It looks, though, that your system doesn't have the root CA certificate for Symantec Class 3 Secure Server CA - G4.

Comment 5 daniel 2015-07-09 10:12:56 UTC

Created attachment 1535 [details]
Certificate Change 2

And one from todays' morning

Comment 6 lbickley 2015-07-09 19:37:30 UTC

I'm "mildly" confused. I thought that if I responded "Accept and Save" that Claws would accept the Certificate for the future until it changes again.

If "Accept and Save" doesn't update Claws with regards to the Certificate = what does "Accept and Save" mean? (Particularly the "Save").

Comment 7 lbickley 2015-07-09 19:52:10 UTC

Created attachment 1536 [details]
Claws saved Certificate

O.K. - I see that Claws saved the Certificate information in it's "Saved SSL Certificate" list.

I went to Symantec's website and downloaded the appropriate root Certificate and installed it using "update-ca-certificates" (in Linux). I did get another error message with regards to the ATT Certificate. Will let you know if more errors occur. (But now I think I've "got" what "Save" means ;)

Comment 8 Paul 2015-07-09 21:00:06 UTC

'Save' means exactly what you would expect it to mean, there is no hidden meaning. Also, there are no errors, just different certificates.

Note You need to log in before you can comment on or make changes to this bug.