[Users] [Bug 3193] New: SSL Certificate changed

Thu May 29 07:19:13 CEST 2014

http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3193

            Bug ID: 3193
           Summary: SSL Certificate changed
    Classification: Unclassified
           Product: Claws Mail
           Version: 3.9.3
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Other
          Assignee: users at lists.claws-mail.org
          Reporter: lbickley at bickleywest.com

ATT's sbcglobal.net PDP3 uses SSL certificates. Ever since it was discovered
that their email was vulnerable to attack because they hadn't regularly updated
their SSL certificate, they now do so "super" regularly (multiple time a day
apparently). Claws issues a warning for each change:
----------------------------------------------------
SLL certificate changed

Certificate for inbound att.net has changed
Do you want to accept it?

Signature status: Correct

> View Certificates
---------------------------------------------------
Both old and new certificate signers are:
Name: VeriSign Class 3 Secure Server CA - G3
Organization: VeriSign\. Inc.
Location: US

This signature status of the new Certificate is: "Correct"
And expires on: 04/25/15 (Sat) 16:59

Claws waits for a response:
Cancel connection
or
Accept and save

There should be an option to automatically "Accept and save" if the status of a
new certificate is "correct". It would be best if this were done on an account
by account basis (Most vendors change certificates rarely).

As is is now, I have to turn off processing of sbcglobal.net (att.net) so that
when I'm away from my desk, processing of all my other accounts can proceed w/o
delay. I then have to turn processing of sbcglobal.net on and "Get Mail" to
pick up my AT&T mail - and then turn it off again.

-- 
You are receiving this mail because:
You are the assignee for the bug.