[Users] [Bug 2738] Erroneous rotation of SSL certificates

noreply at thewildbeast.co.uk noreply at thewildbeast.co.uk
Thu Sep 27 21:34:15 CEST 2012


--- Comment #2 from IgnorantGuru  2012-09-27 21:34:15 ---
The link doesn't require a login - not sure why you're getting that.  You could
search google for "Each receive of mail (claws-mail) results in rotation of 2
SSL certificates".

It's fine that claws reports changes, but when a newer cert replaces an older
one, then the old one appears on some connections, it doesn't look like it
should be changed again.

If the largest email provider is doing this regularly for years, it's not
"abnormal", but normal (however incorrect or inconvenient), so I don't think
just ignoring the problem is helpful - best to work from reality.  Most other
clients seem to handle this gracefully based on that discussion.  In case you
still can't find that page, here was google's response:

> As you can see, the expiration date on the old certificate is fast approaching (4/22/2011), so we had to update our certificates to new ones.
> All production changes of this type are canaried, ie rolled out first to a small percentage of our servers.  These canaries usually run for 3-5 days before being rolled out to the rest of the servers.
> Its unfortunate that your client doesn't like to see rotating certs, though.  You're going to see this issue every year or two, since we have to renew the certificates that often.  If you can, I'd talk to the developers of the client and see if they'd move to a model of permanently accepting a certificate instead of objecting every time there's a switch.

Configure bugmail: http://www.thewildbeast.co.uk/claws-mail/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the Users mailing list