Description of problem: mail-notification cannot verify some valid ssl certificates, and instead requires the user either not to connect or to accept an unverified certificate. In my particular case, my IMAP server is using a certificate from a slightly uncommon certificate authority - I don't know if that's necessary for the problem. The fix I give below would suggest the problem's broader than that, but I don't have another IMAP server with which to test. Version-Release number of selected component (if applicable): 4.0-2 How reproducible: Every time Steps to Reproduce: 1. Create a CA, (or use cacert.org) 2. Install your CA root certificate in /etc/pki/tls/certs (put a copy or link to the cert in pem format in that directory, under the name HASH.0 where HASH is the output of openssl x509 -noout -hash <yourcertfile.pem 3. With your new CA, sign a certificate and configure an IMAP server to serve ssl imap with that certificate. (sorry to abbreviate so much here - let me know if you need more info on how to do this). 4. Try to monitor a mailbox on your new ssl-protected imap server with mail-notification Actual results: A dialog claiming the certificate isn't valid, asking if you want to proceed. Expected results: Success (mail-notification happily monitoring your mail, with no dialog (validation of the certificate you configured for your imap server succeeds)). Additional info: stracing the mail-notification process shows it doesn't look in /etc/pki/tls or anywhere else. See the bug in the original project (19578 on savannah.nongnu.org) at the URL given above.
Created attachment 157031 [details] Naive patch to fix the problem, based on the description found on the project bugzilla
Could you please forward your patch upstream (I can do that as well, but it's likely better if you do it, as you seem to be know about all the details already)? I'm willing to apply the patch *if* it's also applied upstream for the next version.
Okey dokey. I've attached the patch to the bug report on the project site, and sent an e-mail to the maintainer. Since the project doesn't seem to use a publicly available source repository, I'm not sure I can do much else until I hear back or a new release comes out. I think the patch is pretty easy to understand on its own merits, but lacking that there's not much else to do for now.
The maintainer has informed me both that he has a fix and that it should be available in a new version "really soon now". It seems best to wait for that version.
(In reply to comment #4) > The maintainer has informed me both that he has a fix and that it should be > available in a new version "really soon now". It seems best to wait for that > version. That was mn-4.1 I suppose, which is out for some time now. Forget to close this, doing it now.