Message-ID: <551d04d3.6a93700a.614c.4814@mx.google.com>
Date: Thu, 2 Apr 2015 11:57:26 +0300
From: Gevisz
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] [OT] Strange behaviour of google certificates.
In-Reply-To: <20150402075240.GB20058@waltdnes.org>
References: <551c290c.08cd700a.0b06.1f04@mx.google.com> <20150402075240.GB20058@waltdnes.org>

On Thu, 2 Apr 2015 03:52:40 -0400
"Walter Dnes" wrote:

> On Wed, Apr 01, 2015 at 08:19:45PM +0300, Gevisz wrote
>
> > So, I am using Claws Mail that downloads e-mails from several
> > google mail accounts (all are mine :) and about once or twice
> > in a month get into the situation when Claws asks me to verify
> > and change the google certificates, first in one direction and
> > soon after that (usually during the next downloading of my e-mails)
> > - in another.
> >
> > The situation is illustrated by the 2 message screenshots that are
> > attached to this e-mail.
> >
> > The strange thing for me is that, first, Claws asks me to verify
> > and accept a newer certificate complaining that the old one is in some
> > aspect "bad", and soon after that it complains about a newer
> > certificate and asks me to verify and accept the older one.
> >
> > I suspect that it is google that makes something wrong here.
> >
> > What do you think?
>
>   The same question came up on the local linux user group here in
> Toronto.  Apparently "pop.gmail.com" is actually 2 servers...
>
> [d531][waltdnes][~] nslookup pop.gmail.com
> Server:         206.248.154.170
> Address:        206.248.154.170#53
>
> Non-authoritative answer:
> pop.gmail.com   canonical name = gmail-pop.l.google.com.
> Name:   gmail-pop.l.google.com
> Address: 173.194.192.108
> Name:   gmail-pop.l.google.com
> Address: 173.194.192.109
>
>   The 2 servers probably have different certificates, which is why you
> get this behaviour.  I suggest going into "apk mode" and putting an
> entry into your hosts file, like...
>
> 173.194.192.108 pop.gmail.com
>
>   This will force your system to always use the same server, and avoid
> the re-validation every time you hit the other server from the one you
> used the previous time.

Thank you for your advice.

Added that line to my /etc/hosts file.

After that Claws asked to verify the google certificate once again,
but I hope that that was the last time this month and that that madness
with google certificates finally ends. (Because in the last 2 days this
situation repeated at least 20 or more times.)
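
An added example, not part of the original message: one way to check the supposition in the quoted reply that the addresses behind one name present different certificates, by fetching the leaf certificate from each address with full validation and grouping the addresses by SHA-256 fingerprint. Port 995 (POP3 over TLS) and all function names are assumptions; the thread names only the host.

```python
import hashlib
import socket
import ssl
from collections import defaultdict

HOST = "pop.gmail.com"   # name from the thread
PORT = 995               # assumption: POP3 over TLS; the thread gives no port


def resolve_all(host, port):
    """Return every distinct address the resolver hands out for host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def fetch_cert_der(ip, host, port, timeout=10):
    """Connect to one address, validate chain and name for host, return leaf DER."""
    ctx = ssl.create_default_context()          # verification stays on
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def group_by_fingerprint(certs_by_ip):
    """Map SHA-256 fingerprint -> sorted addresses that presented that cert."""
    groups = defaultdict(list)
    for ip, der in certs_by_ip.items():
        groups[hashlib.sha256(der).hexdigest()].append(ip)
    return {fp: sorted(ips) for fp, ips in groups.items()}


def survey(host, port=PORT, resolve=resolve_all, fetch=fetch_cert_der):
    """Fetch the certificate from each address behind host and group them."""
    certs = {ip: fetch(ip, host, port) for ip in resolve(host, port)}
    return group_by_fingerprint(certs)


if __name__ == "__main__":
    result = survey(HOST)
    for fp, ips in result.items():
        print(fp, ", ".join(ips))
    if len(result) > 1:
        print("addresses present different, individually valid certificates")
```

A connection whose certificate fails validation raises `ssl.SSLCertVerificationError` instead of being grouped, which separates a second legitimate certificate from one that does not chain to a trusted CA.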