[Users] SNI and Google Mail self-signed certificate for IMAP

Michael Schwendt bugs.michael at gmx.net
Sat Sep 22 22:26:45 CEST 2018

On Sat, 22 Sep 2018 16:12:00 +0200, Andrej Kacian wrote:

> > Both Claws Mail 3.16.0 and 3.17.1, which don't exhibit the same
> > symptoms on Fedora 28, on Fedora 29 only get offered a self-signed
> > certificate when contacting Google Mail IMAP using gnutls.
> > 
> > It is not clear to me yet what exactly has changed and whether
> > the theory that it is related to SNI is correct. Why would the same
> > package be affected only on F29 and not F28?
> > 
> > Is anything known about this yet?  
> Perhaps different versions of GnuTLS in each Fedora? You can test the
> connection yourself with gnutls-cli or gnutls-cli-debug.

Meanwhile, I've taken the time to look under the hood, since the package
appeared to be the same, but actually it is built differently based on
conditionals that depend on the distribution version. D'oh!

%if (0%{?fedora} <= 28)                                                         
           --enable-ssl3-support \                                              
           --enable-tls13-support \                                             

The issue is reproducible with:
  gnutls-cli --disable-sni imap.gmail.com:993

More information about the Users mailing list