[Users] (Solved) Not downloading from Gmail

blind Pete peter_s_d at fastmail.com.au
Wed Apr 12 18:02:14 CEST 2017


On Tue, 4 Apr 2017 10:11:49 +0200
Ricardo Mones <ricardo at mones.org> wrote:

> On Mon, Apr 03, 2017 at 08:02:36AM +0200, Andrej Kacian wrote:
> > On Mon, 3 Apr 2017 13:32:42 +1000
> > blind Pete <peter_s_d at fastmail.com.au> wrote:
> > 
> > > Is there any reason that CM can not remember that multiple
> > > certificates have been accepted, or is there some reason that
> > > accepting a new one must cause the previous one to be discarded?  
> > 
> > No, no reason. You can even enable it with "unsafe_ssl_certs" hidden
> > preference (see user manual). It's just that it's usually a bad
> > idea to have it enabled by default, since sane providers stick to
> > the good old "one service, one certificate" rule.

Thanks, but you answered a question that I did not mean to ask (and
already knew the answer to). 

Rather than lowering the standards for all certificates, when caught in
a gmail load balancing unpredictability is there any way to mark both of
(hopefully) only two gmail certificates as accepted? 

> Since the domains causing most of the problems with this are usually
> well known, maybe a better experience without accepting all those
> unsafe certs could be turning that boolean preference into a list of
> regexp and only skipping this check to the domains matching any of
> the regexp in the list.
> 
> That way known annoyers can be added to the list, and certs from
> others would still require a manual waiver. You could even have the
> original unsafe_ssl_certs behaviour using the *.* regexp.
> 
> What do you think?

Lowering the standards for one provider would be less bad than lowering
the standards for all certificates. 


-- 
testing
bP



More information about the Users mailing list