[Users] gmail certs

Michael Schwendt bugreporter at abwesend.de
Wed May 28 18:46:50 CEST 2014


On Wed, 28 May 2014 17:09:02 +0200, Colin Leroy wrote:

> > At least daily, for the last week or 2, I get a popup that there's a
> > new gmail cert.  If I'm sitting in front of the computer and catch
> > it, and click accept and save, claws continues and life is good
> > (until the next time).  If I'm not here, claws spits out a different
> > message (can't connect?).  
> 
> It's probably that time where Gmail rolls out new certificates in a
> sequential manner, making each connection to a different server present
> a different certificate, and prompting Claws Mail to ask whether it's
> OK.
> 
> Now that we have proper certificate chain verification, I'm starting to
> wonder whether we should accept correctly signed certificates
> automatically.

Somehow they are renewing their certs in weird ways, i.e. today the
"Expires on" field for a new cert has changed from 05.08.2014 to 20.08.2014,
which is roughly two weeks more time - and it will expire in less than three
months if they don't replace it again. ;)



More information about the Users mailing list