[Users] [Bug 3660] SSL Cert change shown on previously accepted certificates.

blind Pete peter_s_d at fastmail.com.au
Mon Aug 8 07:40:17 CEST 2016


On Thu, 4 Aug 2016 12:25:09 +0100
Paul <claws at thewildbeast.co.uk> wrote:

> On Thu, 4 Aug 2016 21:15:36 +1000
> blind Pete <peter_s_d at fastmail.com.au> wrote: 
> 
> > On Thu, 28 Jul 2016 20:09:19 +1000
> > blind Pete <peter_s_d at fastmail.com.au> wrote:
> > 
> > [snip]
> > > Case two; one URL, multiple certificates.  Is that 
> > > really dangerous?  How?   
> > [snip]
> > 
> > It was a serious question guys.
> 
> It's possible, albeit unusual. However, gmail users will often see
> this during a certificate upgrade which isn't implemented all at once
> across all their servers. That is why I suggested to use
> "Automatically accept valid SSL certificates".
> 
> with regards
> 
> Paul

My version of CM is out of date, there is an "unknown" in my version.  

Now to sort out the confusion - maybe.  

"Automatically accept valid SSL certificates" is the thing to do for
Gmail.  (Set ssl_certs_auto_accept=1 in accountrc.)  It introduces a
small security risk, but all of the other alternatives are worse, and
if you were serious about security you probably would hesitate to use
Gmail.  

The OP was told to set unsafe_ssl_certs, a variable in clawsrc.  That
left me saying, "What the hey?" and asking about it, and
skip_ssl_cert_check, neither of which would do what I wanted.  

Please correct me if I am wrong.  

-- 
testing
bP



More information about the Users mailing list