[Users] [Bug 2738] Erroneous rotation of SSL certificates

Fri Sep 28 09:31:29 CEST 2012

http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2738

--- Comment #15 from Colin Leroy  2012-09-28 09:31:28 ---
Three more things before I'm done ranting:

> Google isn't going to change to accommodate Claws, but Claws can
> adapt in the case

We heard that a few times before, and doesn't it sound a lot like what web
browers implementors and web site designers have had to do in order to deal
with "Microsoft isn't going to change Internet Explorer so we better adapt" ?

If you know a bit about web development, you probably know where it lead : a
decade of incompatibilities and multiple implementations to work around browser
bugs. Hell for web developers.

Standards are there for a reason and it is not to annoy users.

> Also meant to mention:  Perhaps the solution could be as simple as
> retaining the current and previous cert for the server (I accepted
> both, so both should be considered valid for use until expired, and
> no further prompt should be necessary).  Or, retain all accepted
> certs until expired, so I don't have to tell Claws repeatedly that
> it's accepted.  It's really just a lack of memory here for what's
> 'accepted'.

Which is exactly what unsafe_ssl_certs=1 does:

unsafe_ssl_certs
    Allows Claws to remember multiple SSL certificates for a given server/port. 
    This is disabled by default. 

> But I know it's fun to close bug reports without doing any work

Almost everybody involved in this bug report thread has been around since 2002
or even earlier. Some put hundreds of personal hours into code, others into
helping new users on the mailing-list or bugzilla.

Don't get surprised if you get harsh answers after dismissing that.

-- 
Configure bugmail: http://www.thewildbeast.co.uk/claws-mail/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.