From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id BBD1F13888F for ; Fri, 3 Apr 2015 06:26:19 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3D4EBE08E9; Fri, 3 Apr 2015 06:26:13 +0000 (UTC) Received: from mail-wg0-f42.google.com (mail-wg0-f42.google.com [74.125.82.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 10B80E081D for ; Fri, 3 Apr 2015 06:26:11 +0000 (UTC) Received: by wgbdm7 with SMTP id dm7so103753398wgb.1 for ; Thu, 02 Apr 2015 23:26:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:mime-version :content-type:content-transfer-encoding; bh=kpzC2HZPo2sL7gvtS+bDMyLl5W71mNdupYwHfJDHHbE=; b=mZmG20cAInLf2m/H8P6isUlPLu/dwmx3jI73R4PuL8fs4lSjvqKTUZ4yHHQRdFHzgF XsLUSJh0eLRpplhJ8xK7YznVgqCXYowETc3j8HB5ksHB0ok+cH1oF0irErw7fPSLnK8O qy0YYsJbDyNj3rP+E3AHqExWTMi3mKhgyRbU5rVuGLBNcibzbUICSlVCSU65aSjxXkdN 6sttdCQUu0e0rs39dX8XYmX8qmzbkqB3IkyjrPT9k9tylFY9CPyK0bZGDKsOEemQEaFL 6LBIcEalMRQZUvXA6e8wHA9Rj7TvBC+gfd6aWqNKT4bwStZf1JYEJuLpka2KtjRW/kPa D38g== X-Received: by 10.180.85.130 with SMTP id h2mr31420871wiz.3.1428042371003; Thu, 02 Apr 2015 23:26:11 -0700 (PDT) Received: from gen2ws.local (dynamic-109-121-71-131.adsl.eunet.rs. [109.121.71.131]) by mx.google.com with ESMTPSA id fm10sm1399207wib.7.2015.04.02.23.26.10 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 02 Apr 2015 23:26:10 -0700 (PDT) Date: Fri, 3 Apr 2015 08:26:12 +0200 From: bitlord To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] [OT] Strange behaviour of google certificates. Message-ID: <20150403082612.7ac5da5a@gen2ws.local> In-Reply-To: <551d04d3.6a93700a.614c.4814@mx.google.com> References: <551c290c.08cd700a.0b06.1f04@mx.google.com> <20150402075240.GB20058@waltdnes.org> <551d04d3.6a93700a.614c.4814@mx.google.com> X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.27; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Archives-Salt: adff23a9-bedb-4bea-be72-c5b2501bc86c X-Archives-Hash: fb18cae2137b9f58915552f65d9f31b5 On Thu, 2 Apr 2015 11:57:26 +0300 Gevisz wrote: > On Thu, 2 Apr 2015 03:52:40 -0400 "Walter Dnes" > wrote: > > > On Wed, Apr 01, 2015 at 08:19:45PM +0300, Gevisz wrote > > > > > So, I am using Claws Mail that downloads e-mails from several > > > google mail accounts (all are mine :) and about once or twice > > > in a month get into the situation when Claws asks me to verify > > > and change the google certificates, first in one direction and > > > soon after that (usually during the next downloading of my > > > e-mails) > > > - in another. > > > ... > > > > The 2 servers probably have different certificates, which is why > > you get this behaviour. I suggest going into "apk mode" and > > putting an entry into your hosts file , like... > > > > 173.194.192.108 pop.gmail.com > > > > This will force your system to always use the same server, and > > avoid the re-validation every time you hit the other server from > > the one you used the previous time. > > Thank you for your advice. Added that line to my /etc/hosts file. > After that Claws asked to verify the google certificate once again, > but I hope that that was the last time this month and that that > madness with google certificates finally ends. (Because in the last 2 > days this situation repeated at least 20 or more times.) > > By looking at the screenshoots that is >=claws-mail-3.10.x (I think that is the version when it got support for validating certificate chains)? There is a option in Configuration > Edit Accounts ... then for every account you have "SSL" options, you can check to accept "unknown valid certificates" so it will do it automatically, won't ask if there is a new certificate and it is valid.