This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 244260 - root certificates not found
root certificates not found
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: mail-notification (Show other bugs)
7
All Linux
low Severity medium
: ---
: ---
Assigned To: Thorsten Leemhuis
Fedora Extras Quality Assurance
https://savannah.nongnu.org/bugs/?fun...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-06-14 15:01 EDT by Benjamin S. Scarlet
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version: mail-notification-4.1-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-01 07:28:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Naive patch to fix the problem, based on the description found on the project bugzilla (858 bytes, patch)
2007-06-14 15:01 EDT, Benjamin S. Scarlet
no flags Details | Diff

  None (edit)
Description Benjamin S. Scarlet 2007-06-14 15:01:54 EDT
Description of problem:
mail-notification cannot verify some valid ssl certificates, and instead
requires the user either not to connect or to accept an unverified certificate.
In my particular case, my IMAP server is using a certificate from a slightly
uncommon certificate authority - I don't know if that's necessary for the
problem. The fix I give below would suggest the problem's broader than that, but
I don't have another IMAP server with which to test.

Version-Release number of selected component (if applicable):
4.0-2

How reproducible:
Every time

Steps to Reproduce:
1. Create a CA, (or use cacert.org)

2. Install your CA root certificate in /etc/pki/tls/certs (put a copy or link to
the cert in pem format in that directory, under the name HASH.0 where HASH is
the output of
openssl x509 -noout -hash <yourcertfile.pem

3. With your new CA, sign a certificate and configure an IMAP server to serve
ssl imap with that certificate. (sorry to abbreviate so much here - let me know
if you need more info on how to do this).

4. Try to monitor a mailbox on your new ssl-protected imap server with
mail-notification 
  
Actual results:
A dialog claiming the certificate isn't valid, asking if you want to proceed.

Expected results:
Success (mail-notification happily monitoring your mail, with no dialog
(validation of the certificate you configured for your imap server succeeds)).

Additional info:
stracing the mail-notification process shows it doesn't look in /etc/pki/tls or
anywhere else.

See the bug in the original project (19578 on savannah.nongnu.org) at the URL
given above.
Comment 1 Benjamin S. Scarlet 2007-06-14 15:01:54 EDT
Created attachment 157031 [details]
Naive patch to fix the problem, based on the description found on the project bugzilla
Comment 2 Thorsten Leemhuis 2007-06-15 05:21:18 EDT
Could you please forward your patch upstream (I can do that as well, but it's
likely better if you do it, as you seem to be know about all the details
already)? I'm willing to apply the patch *if* it's also applied upstream for the
next version.
Comment 3 Benjamin S. Scarlet 2007-06-17 17:26:17 EDT
Okey dokey. I've attached the patch to the bug report on the project site, and
sent an e-mail to the maintainer. Since the project doesn't seem to use a
publicly available source repository, I'm not sure I can do much else until I
hear back or a new release comes out. I think the patch is pretty easy to
understand on its own merits, but lacking that there's not much else to do for now.
Comment 4 Benjamin S. Scarlet 2007-06-18 07:34:03 EDT
The maintainer has informed me both that he has a fix and that it should be
available in a new version "really soon now". It seems best to wait for that
version.
Comment 5 Thorsten Leemhuis 2007-09-01 07:28:04 EDT
(In reply to comment #4)
> The maintainer has informed me both that he has a fix and that it should be
> available in a new version "really soon now". It seems best to wait for that
> version.

That was mn-4.1 I suppose, which is out for some time now. Forget to close this,
doing it now.

Note You need to log in before you can comment on or make changes to this bug.