[Users] cannot use claws mail any more (tls errors)

Andrej Kacian ticho at claws-mail.org
Tue Mar 27 17:27:18 CEST 2018

On Tue, 27 Mar 2018 05:05:47 -0400
thomas kaeding <thomas.a.kaeding at gmail.com> wrote:

> openssl s_client -host quaillake.duckdns.org -port 993
> reports that the certificate is expired, but no other error.
> The first setup in my list sees that the cert is expired and
> gives me a dialog box allowing me to accept it any. The
> other three setups just throw errors.

As was already pointed out in the bugzilla report you opened, Claws
Mail does not use OpenSSL. Try the connection with gnutls-cli to get a
closer approximation to what Claws Mail does.

There is also a discrepancy between the port you use in Claws Mail
(143 with STARTTLS, according to the debug log excerpt you posted to the
bug), and the port you are using for the openssl s_client command (993).
That is not where your problem lies, though.

Your problem seems to be in the fact that the certificate the server is
using does not match the hostname used. It is issued for
"imap.example.com", and GnuTLS seems to be more strict about that than
OpenSSL. Both of these commands fail over here, because of this.

gnutls-cli --starttls-proto=imap quaillake.duckdns.org:143
gnutls-cli quaillake.duckdns.org:993
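
The two failures discussed in this thread (an expired certificate and a certificate name that does not match the host) are independent checks. The sketch below is an added example, not part of the original message and not Claws Mail or GnuTLS code; it applies simplified RFC 6125-style name matching to a constructed certificate dictionary in the shape returned by Python's `ssl.SSLSocket.getpeercert()`. The `notAfter` date and the check time are constructed values.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample: a certificate issued for "imap.example.com", as in the
# message above; the expiry date is made up for the example.
SAMPLE_CERT = {
    "subject": ((("commonName", "imap.example.com"),),),
    "subjectAltName": (("DNS", "imap.example.com"),),
    "notAfter": "Jan  1 00:00:00 2018 GMT",
}

def dns_name_matches(pattern, hostname):
    """Compare label by label; '*' is honoured only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    # Refuse wildcards that would cover a whole top-level domain ("*.com").
    if p_labels[0] == "*" and len(p_labels) > 2:
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def presented_names(cert):
    """dNSName SANs take precedence; fall back to CN only when there are none."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def diagnose(cert, hostname, now):
    """Return the list of independent validation problems for this connection."""
    problems = []
    if now.timestamp() > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    if not any(dns_name_matches(n, hostname) for n in presented_names(cert)):
        problems.append("hostname-mismatch")
    return problems

if __name__ == "__main__":
    when = datetime(2018, 3, 27, tzinfo=timezone.utc)
    for host in ("quaillake.duckdns.org", "imap.example.com"):
        print(host, diagnose(SAMPLE_CERT, host, when))
```

Connecting by a name the certificate actually lists leaves only the expiry problem; connecting by any other name adds the mismatch, which is the error both gnutls-cli commands above report.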
