Bug 244260

Summary: root certificates not found
Product: [Fedora] Fedora
Reporter: Benjamin S. Scarlet <scarlet>
Component: mail-notification
Assignee: Thorsten Leemhuis <fedora>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low    
Version: 7   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: https://savannah.nongnu.org/bugs/?func=detailitem&item_id=19578
Fixed In Version: mail-notification-4.1-1
Doc Type: Bug Fix
Last Closed: 2007-09-01 11:28:04 UTC
Attachments:
Naive patch to fix the problem, based on the description found on the project bugzilla (flags: none)

Description Benjamin S. Scarlet 2007-06-14 19:01:54 UTC
Description of problem:
mail-notification cannot verify some valid ssl certificates, and instead
requires the user either not to connect or to accept an unverified certificate.
In my particular case, my IMAP server is using a certificate from a slightly
uncommon certificate authority - I don't know if that's necessary for the
problem. The fix I give below would suggest the problem's broader than that, but
I don't have another IMAP server with which to test.

Version-Release number of selected component (if applicable):
4.0-2

How reproducible:
Every time

Steps to Reproduce:
1. Create a CA (or use cacert.org).

2. Install your CA root certificate in /etc/pki/tls/certs (put a copy or link to
the cert in pem format in that directory, under the name HASH.0 where HASH is
the output of the following command):
    openssl x509 -noout -hash <yourcertfile.pem

3. With your new CA, sign a certificate and configure an IMAP server to serve
ssl imap with that certificate. (sorry to abbreviate so much here - let me know
if you need more info on how to do this).

4. Try to monitor a mailbox on your new ssl-protected imap server with
mail-notification 
  
Actual results:
A dialog claiming the certificate isn't valid, asking if you want to proceed.

Expected results:
Success (mail-notification happily monitoring your mail, with no dialog
(validation of the certificate you configured for your imap server succeeds)).

Additional info:
stracing the mail-notification process shows it doesn't look in /etc/pki/tls or
anywhere else.

See the bug in the original project (19578 on savannah.nongnu.org) at the URL
given above.
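
The hashed-directory lookup that steps 1 to 3 above set up, as an added example that is not part of the original report or of mail-notification. It assumes a constructed throwaway CA, a temporary directory standing in for /etc/pki/tls/certs, and `openssl verify -CApath` as the verifier in place of mail-notification; it shows that a root sitting in the directory under another name is not found, and is found once linked as HASH.0.

```shell
#!/bin/sh
# Added example. All names and paths are constructed; nothing under /etc is touched.
WORK=$(mktemp -d)
CAPATH="$WORK/certs"   # stands in for /etc/pki/tls/certs
mkdir -p "$CAPATH"

# Step 1: create a throwaway root CA.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Example Test CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# Step 3: sign a server certificate with that CA.
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=imap.example.test" \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/leaf.csr" -days 1 \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/leaf.pem" 2>/dev/null
}

# Step 2: install the root under HASH.0, the name the directory lookup expects.
install_ca() {
    hash=$(openssl x509 -noout -hash < "$WORK/ca.pem") || return 1
    ln -sf "$WORK/ca.pem" "$CAPATH/$hash.0"
}

# Succeeds only if the leaf chains to a root found via the hashed directory.
leaf_verifies() {
    openssl verify -CApath "$CAPATH" "$WORK/leaf.pem" >/dev/null 2>&1
}

# Returns 0 when the lookup behaves as described, 1 if an unhashed name was
# accepted, 2 if certificate generation or installation failed.
demo() {
    rm -f "$CAPATH"/*
    make_ca && make_leaf || return 2
    cp "$WORK/ca.pem" "$CAPATH/my-ca.pem"   # present, but not named HASH.0
    leaf_verifies && return 1
    install_ca || return 2
    leaf_verifies
}

demo
echo "demo exit status: $?"
```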

Comment 1 Benjamin S. Scarlet 2007-06-14 19:01:54 UTC
Created attachment 157031
Naive patch to fix the problem, based on the description found on the project bugzilla

Comment 2 Thorsten Leemhuis 2007-06-15 09:21:18 UTC
Could you please forward your patch upstream (I can do that as well, but it's
likely better if you do it, as you seem to know about all the details
already)? I'm willing to apply the patch *if* it's also applied upstream for the
next version.

Comment 3 Benjamin S. Scarlet 2007-06-17 21:26:17 UTC
Okey dokey. I've attached the patch to the bug report on the project site, and
sent an e-mail to the maintainer. Since the project doesn't seem to use a
publicly available source repository, I'm not sure I can do much else until I
hear back or a new release comes out. I think the patch is pretty easy to
understand on its own merits, but lacking that there's not much else to do for now.


Comment 4 Benjamin S. Scarlet 2007-06-18 11:34:03 UTC
The maintainer has informed me both that he has a fix and that it should be
available in a new version "really soon now". It seems best to wait for that
version.

Comment 5 Thorsten Leemhuis 2007-09-01 11:28:04 UTC
(In reply to comment #4)
> The maintainer has informed me both that he has a fix and that it should be
> available in a new version "really soon now". It seems best to wait for that
> version.

That was mn-4.1 I suppose, which has been out for some time now. Forgot to close this,
doing it now.