Red Hat Bugzilla – Bug 244260
root certificates not found
Last modified: 2007-11-30 17:12:07 EST
Description of problem:
mail-notification cannot verify some valid ssl certificates, and instead
requires the user either not to connect or to accept an unverified certificate.
In my particular case, my IMAP server is using a certificate from a slightly
uncommon certificate authority - I don't know if that's necessary for the
problem. The fix I give below would suggest the problem's broader than that, but
I don't have another IMAP server with which to test.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create a CA (or use cacert.org)
2. Install your CA root certificate in /etc/pki/tls/certs (put a copy or link to
the cert in pem format in that directory, under the name HASH.0 where HASH is
the output of
openssl x509 -noout -hash <yourcertfile.pem
3. With your new CA, sign a certificate and configure an IMAP server to serve
ssl imap with that certificate. (sorry to abbreviate so much here - let me know
if you need more info on how to do this).
4. Try to monitor a mailbox on your new ssl-protected imap server with
A dialog claiming the certificate isn't valid, asking if you want to proceed.
Success (mail-notification happily monitoring your mail, with no dialog
(validation of the certificate you configured for your imap server succeeds)).
stracing the mail-notification process shows it doesn't look in /etc/pki/tls or
See the bug in the original project (19578 on savannah.nongnu.org) at the URL
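The hashed-directory lookup from step 2 of the report, as an added example that is not part of the original bug report or of mail-notification. It builds a throwaway CA and server certificate in a temporary directory (the CN values and file names are constructed) and shows that `openssl verify -CApath` only finds the CA once it is linked under its `HASH.0` name.

```shell
#!/bin/sh
# Constructed demo: throwaway CA and server cert in a temp dir; nothing under /etc is touched.

# make_demo_pki DIR: create a CA (ca.pem) and a server cert (server.pem) signed by it.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=imap.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/server.pem" 2>/dev/null || return 1
}

# install_hashed DIR CAFILE: link CAFILE into DIR as HASH.0, the file name
# OpenSSL's directory lookup searches for (same hash command as in step 2).
install_hashed() {
    h=$(openssl x509 -noout -hash < "$2") || return 1
    ln -sf "$2" "$1/$h.0"
}

# verify_with_capath DIR CERT: succeeds only if CERT chains to a CA found via DIR.
verify_with_capath() {
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# run_demo: report the verification result before and after the hashed link exists.
run_demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/certs"
    make_demo_pki "$work" || return 1
    if verify_with_capath "$work/certs" "$work/server.pem"; then before=ok; else before=fail; fi
    install_hashed "$work/certs" "$work/ca.pem"
    if verify_with_capath "$work/certs" "$work/server.pem"; then after=ok; else after=fail; fi
    rm -rf "$work"
    echo "before=$before after=$after"
}

run_demo
```

A client that never passes this directory to its TLS library gets the "before" result even when the link is installed correctly.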
Created attachment 157031 [details]
Naive patch to fix the problem, based on the description found on the project bugzilla
Could you please forward your patch upstream (I can do that as well, but it's
likely better if you do it, as you seem to know about all the details
already)? I'm willing to apply the patch *if* it's also applied upstream for the
Okey dokey. I've attached the patch to the bug report on the project site, and
sent an e-mail to the maintainer. Since the project doesn't seem to use a
publicly available source repository, I'm not sure I can do much else until I
hear back or a new release comes out. I think the patch is pretty easy to
understand on its own merits, but lacking that there's not much else to do for now.
The maintainer has informed me both that he has a fix and that it should be
available in a new version "really soon now". It seems best to wait for that
(In reply to comment #4)
> The maintainer has informed me both that he has a fix and that it should be
> available in a new version "really soon now". It seems best to wait for that
That was mn-4.1 I suppose, which has been out for some time now. Forgot to close this,
doing it now.