[Users] [Bug 4568] New: Auto-accept updates of SSL certificates if valid and from same CA

Mark Raynsford list+org.claws-mail at io7m.com
Thu Aug 11 13:49:56 UTC 2022


On 2022-02-03T17:58:47 -0000
Paul <paul at claws-mail.org> wrote:

> On Thu, 3 Feb 2022 07:52:51 +0100
> Johan Vromans <jvromans at squirrel.nl> wrote: 
> 
> > Seconded.  
> 
> See the response on the bug item,
> https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4568
> 
> viz.
> 
> * There already is the option "Automatically accept valid TLS certificates"
> 
> * It is an account-specific option.
> 
> * Providers do not normally change their CA often.
> 
> * Certs are also not updated often, even from Let's Encrypt.
> 
> This change would save you from one mouse click, say, every 3 months, or IOW
> 4 mouse clicks a year.
> 
> Probably a developer implementing this would take up more than your lifetime's
> worth of clicks.

Hello!

Apologies for resurrecting a dead thread, but I have to disagree with
this. I went looking for an existing bug, because I have a couple of
GMail accounts and I run into this dialog box popping up several times
a day.

I think what happens is that Google serves different SSL certificates
depending on which internal server you end up hitting based on some
kind of load balancing. Between two Gmail accounts, I'm effectively
repeatedly bombarded with "The certificate has changed. Do you want 
to accept the new certificate?", where the two certificates presented
differ by a couple of insignificant fields. I have selected 
"Automatically accept valid TLS certificates" on both accounts, but I
seem to be asked to accept them repeatedly anyway. The next time this
happens (should be any time now!) I'll try to capture a screenshot to
show the differences.

Even worse, because the dialogs can sometimes pop up unexpectedly
whilst I'm clicking on something else, the dialogs can essentially get
lost behind other windows on a multi-desktop setup, and this makes
Claws appear to be "frozen" (because the main Claws window isn't
accepting input due to the modal dialog that's hiding somewhere on some
other desktop).

Obviously the preferred solution is to dump Gmail. Unfortunately, I
have clients tied to services that are tied to Gmail, and so can't get
away from it right now.

-- 
Mark Raynsford | https://www.io7m.com
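
The policy requested in the bug title (silently accept a changed certificate only when it validates and comes from the same CA as the saved one), sketched as an added example; this is not Claws Mail code. The `Cert` record, `CertStore` class, host name and certificate values are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List

@dataclass(frozen=True)
class Cert:
    # Constructed record of what a TLS library reports for a leaf certificate.
    fingerprint: str     # SHA-256 of the DER encoding
    issuer_dn: str       # issuer distinguished name
    issuer_key_id: str   # Authority Key Identifier extension
    chain_valid: bool    # path validation against the trust store succeeded
    host_match: bool     # certificate names cover the server hostname

def same_issuer(a: Cert, b: Cert) -> bool:
    # Compare the issuer key as well as its name: a DN alone can be reused.
    return (a.issuer_dn, a.issuer_key_id) == (b.issuer_dn, b.issuer_key_id)

class CertStore:
    """One saved certificate per host, as in a trust-on-first-use client."""
    def __init__(self, auto_accept_valid: bool):
        self.auto_accept_valid = auto_accept_valid
        self.saved: Dict[str, Cert] = {}

    def check(self, host: str, cert: Cert) -> str:
        """Return 'accept' (silent) or 'prompt' (ask the user)."""
        old = self.saved.get(host)
        if old is not None and old.fingerprint == cert.fingerprint:
            return "accept"              # unchanged certificate
        if not (cert.chain_valid and cert.host_match):
            return "prompt"              # never silently trust an invalid cert
        if not self.auto_accept_valid:
            return "prompt"              # account option is off
        if old is None or same_issuer(old, cert):
            self.saved[host] = cert      # first use, or same-CA replacement
            return "accept"
        return "prompt"                  # valid, but issued by a different CA

def replay(auto_accept_valid: bool) -> List[str]:
    # Constructed sequence: A and B alternate (same CA), C has another CA, D is invalid.
    ca = ("CN=Constructed Issuing CA 1", "aa11")
    a = Cert("fp-a", *ca, True, True)
    b = Cert("fp-b", *ca, True, True)
    c = Cert("fp-c", "CN=Constructed Issuing CA 2", "bb22", True, True)
    d = Cert("fp-d", *ca, False, True)
    store = CertStore(auto_accept_valid)
    return [store.check("imap.example.test", x) for x in (a, b, a, c, d)]

if __name__ == "__main__":
    print(replay(True))   # option on
    print(replay(False))  # option off
```

Because the issuer key identifier is compared along with the name, a certificate issued under a different intermediate of the same provider still produces a prompt.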


