Re: [MlMt] Markdown formatting
Excellent, that has worked for me! Thanks Benny. Much appreciated. Seamus -- Seamus Phillips (+44)7905521930 seamus.phill...@gmail.com > On 25 Nov 2021, at 16:36, Benny Kjær Nielsen wrote: > > > On 25 Nov 2021, at 9:08, Seamus Phillips wrote: > > I found the error when trying to enable a bundle, and it wouldn’t stick, but > no error came up. I checked for updates and found the cert error. I since > downloaded bundle from GitHub, and added to mailmate package manually, seems > to have worked. > > I guess a similar workaround to just download any new version of MailMate > manually, but that is a bit of a pain. Especially for a whole office. Any > help to resolve would be great. > > I'm not really an expert on these certificate issues, but it has now come up > several times on the mailing list and I guess it'll only get worse when more > users get access to test/beta releases. Also, users stuck on older releases > of macOS and/or MailMate will continue to have issues with bundles/updates. > > So, I spent the day researching/relearning the handling of server > certificates and I've now re-configured the server with a couple of free > ZeroSSL-issued certificates for updates.mailmate-app.com and > api.mailmate-app.com. These should no longer be affected by the “Let's > Encrypt” issue. If this works as expected, I think it should resolve the > update-issues for all releases of MailMate. > > Let me know if this change does not help. State both version of MailMate and > macOS version. > > -- > Benny > > ___ > mailmate mailing list > mailmate@lists.freron.com > https://lists.freron.com/listinfo/mailmate ___ mailmate mailing list mailmate@lists.freron.com https://lists.freron.com/listinfo/mailmate
Re: [MlMt] Markdown formatting
On 25 Nov 2021, at 9:08, Seamus Phillips wrote: I found the error when trying to enable a bundle, and it wouldn’t stick, but no error came up. I checked for updates and found the cert error. I since downloaded bundle from GitHub, and added to mailmate package manually, seems to have worked. I guess a similar workaround to just download any new version of MailMate manually, but that is a bit of a pain. Especially for a whole office. Any help to resolve would be great. I'm not really an expert on these certificate issues, but it has now come up several times on the mailing list and I guess it'll only get worse when more users get access to test/beta releases. Also, users stuck on older releases of macOS and/or MailMate will continue to have issues with bundles/updates. So, I spent the day researching/relearning the handling of server certificates and I've now re-configured the server with a couple of free ZeroSSL-issued certificates for `updates.mailmate-app.com` and `api.mailmate-app.com`. These should no longer be affected by the “Let's Encrypt” issue. If this works as expected, I think it should resolve the update-issues for *all* releases of MailMate. Let me know if this change does not help. State both version of MailMate and macOS version. -- Benny ___ mailmate mailing list mailmate@lists.freron.com https://lists.freron.com/listinfo/mailmate
Re: [MlMt] Markdown formatting
I have the same problem. I’m running Mojave.
Followed instructions from letsencrypt to add new cert to keychain. Couldn’t
find an old one to remove though and the problem remains.
I found the error when trying to enable a bundle, and it wouldn’t stick, but no
error came up. I checked for updates and found the cert error. I since
downloaded bundle from GitHub, and added to mailmate package manually, seems to
have worked.
I guess a similar workaround to just download any new version of MailMate
manually, but that is a bit of a pain. Especially for a whole office. Any help
to resolve would be great.
Thanks.
--
Seamus Phillips
(+44)7905521930
seamus.phill...@gmail.com
> On 25 Nov 2021, at 00:45, Randall Gellens wrote:
>
> On 12 Nov 2021, at 12:22, Bill Cole wrote:
>
>> On 2021-11-12 at 13:34:46 UTC-0500 (Fri, 12 Nov 2021 10:34:46 -0800)
>> Randall Gellens
>> is rumored to have said:
>>
>>> I just tried to check for an update but received the error "SSL certificate
>>> problem: certificate has expired", which might explain why I wasn't aware
>>> there was anything newer.
>>
>> That's probably a consequence of the recent expiration of the root CA cert
>> ("DST Root CA X3") on a secondary validation path for Let's Encrypt
>> certificates. Sites serve the full trust chain of certs needed for all of
>> their trust paths except for the root to all clients and many are still
>> serving both the valid trust path and the one that relies on an expired
>> root. There's actually no consensus on whether server and intermediate certs
>> that were issued when a CA cert was valid should be considered invalid when
>> the CA expires but the issued cert is still nominally valid.
>>
>> The fixes for that base problem vary between systems and can be confusing
>> because an app can use the OS's security layer and its keychains of trusted
>> CA certs or the Apple-distributed antique OpenSSL with a PEM bundle of CA
>> certs in /etc/ssl/cert.pem or the MacPorts OpenSSL with the
>> 'curl-ca-bundle' package that puts a link at /opt/local/etc/openssl/cert.pem
>> which points to /opt/local/share/curl/curl-ca-bundle.crt. Or if you use
>> Homebrew, you might have something in /usr/local/etc. Some apps may even
>> bundle their own SSL libraries to do self-updates. I'm pretty sure MM just
>> uses the system facilities, but if you have similar problems with other tools
>>
>> If Keychain Access will let you do so, you should remove "DST Root CA X3"
>> from your System Roots keychain.
>> On recent systems with SPI enabled, you can't do that so you can work around
>> the problem by changing its Trust Settings to "Always Trust."
>
> I don't seem to have such a certificate. Nothing matches "DST" or "X3"
> anywhere.
>
>
>> You also should check your keychains for multiple versions of the "ISRG Root
>> X1" certificate, which SHOULD be a self-signed root CA cert in SystemRoots.
>> However, you may also have another version in the System or login keychains
>> which is NOT actually a root CA cert but rather is issued by that expired
>> root CA cert. If you do have one of those, they need to go. If you are
>> unable to remove non-root versions of the "ISRG Root X1" cert or do not have
>> the root version in SystemRoots, you can get the current version from
>> http://x1.i.lencr.org/ and import it into your System keychain. (imports
>> into SystemRoots don't work.)
>
> I only have one such certificate, which expires in 2035. Serial number "00
> 82 10 CF B0 D2 40 E3 59 44 63 E0 BB 63 82 8B 00".
>
>
> Given that I don't seem to have a "DST Root CA X3" cert and I have only one
> "ISRG Root X1" cert, what do you suggest?
> ___
> mailmate mailing list
> mailmate@lists.freron.com
> https://lists.freron.com/listinfo/mailmate
___
mailmate mailing list
mailmate@lists.freron.com
https://lists.freron.com/listinfo/mailmate
Re: [MlMt] Markdown formatting
On 12 Nov 2021, at 12:22, Bill Cole wrote:
On 2021-11-12 at 13:34:46 UTC-0500 (Fri, 12 Nov 2021 10:34:46 -0800)
Randall Gellens
is rumored to have said:
I just tried to check for an update but received the error "SSL
certificate problem: certificate has expired", which might explain
why I wasn't aware there was anything newer.
That's probably a consequence of the recent expiration of the root CA
cert ("DST Root CA X3") on a secondary validation path for Let's
Encrypt certificates. Sites serve the full trust chain of certs needed
for all of their trust paths except for the root to all clients and
many are still serving both the valid trust path and the one that
relies on an expired root. There's actually no consensus on whether
server and intermediate certs that were issued when a CA cert was
valid should be considered invalid when the CA expires but the issued
cert is still nominally valid.
The fixes for that base problem vary between systems and can be
confusing because an app can use the OS's security layer and its
keychains of trusted CA certs or the Apple-distributed antique OpenSSL
with a PEM bundle of CA certs in /etc/ssl/cert.pem or the MacPorts
OpenSSL with the 'curl-ca-bundle' package that puts a link at
/opt/local/etc/openssl/cert.pem which points to
/opt/local/share/curl/curl-ca-bundle.crt. Or if you use Homebrew, you
might have something in /usr/local/etc. Some apps may even bundle
their own SSL libraries to do self-updates. I'm pretty sure MM just
uses the system facilities, but if you have similar problems with
other tools
If Keychain Access will let you do so, you should remove "DST Root CA
X3" from your System Roots keychain.
On recent systems with SPI enabled, you can't do that so you can work
around the problem by changing its Trust Settings to "Always Trust."
I don't seem to have such a certificate. Nothing matches "DST" or "X3"
anywhere.
You also should check your keychains for multiple versions of the
"ISRG Root X1" certificate, which SHOULD be a self-signed root CA cert
in SystemRoots. However, you may also have another version in the
System or login keychains which is NOT actually a root CA cert but
rather is issued by that expired root CA cert. If you do have one of
those, they need to go. If you are unable to remove non-root versions
of the "ISRG Root X1" cert or do not have the root version in
SystemRoots, you can get the current version from
http://x1.i.lencr.org/ and import it into your System keychain.
(imports into SystemRoots don't work.)
I only have one such certificate, which expires in 2035. Serial number
"00 82 10 CF B0 D2 40 E3 59 44 63 E0 BB 63 82 8B 00".
Given that I don't seem to have a "DST Root CA X3" cert and I have only
one "ISRG Root X1" cert, what do you suggest?
___
mailmate mailing list
mailmate@lists.freron.com
https://lists.freron.com/listinfo/mailmate
Re: [MlMt] Markdown formatting
On 12 Nov 2021, at 21:22, Bill Cole wrote: >> I just tried to check for an update but received the error "SSL certificate >> problem: certificate has expired", which might explain why I wasn't aware >> there was anything newer. > > [very technical explanation] Thanks for the details Bill. I'm definitely not an expert on these issues and I kind of just decided to live with it since it only affects “older” macOS releases. > Ideally, the fix is server-side. Servers like updates.mailmate-app.com should > be reconfigured to send only the server certificate and its immediate issuer > cert as the server's trust chain, NOT including the version of "ISRG Root X1" > which is signed by the expired cert. That would break a DIFFERENT subset of > older clients (which don't trust the ISRG root by default) which is probably > why even Let's Encrypt's own servers are still sending the quasi-bogus cert. Let me know (off list) if you think it would be fairly easy to help me change this on my server to avoid this issue :) -- Benny ___ mailmate mailing list mailmate@lists.freron.com https://lists.freron.com/listinfo/mailmate
Re: [MlMt] Markdown formatting
On 2021-11-12 at 13:34:46 UTC-0500 (Fri, 12 Nov 2021 10:34:46 -0800)
Randall Gellens
is rumored to have said:
I just tried to check for an update but received the error "SSL
certificate problem: certificate has expired", which might explain why
I wasn't aware there was anything newer.
That's probably a consequence of the recent expiration of the root CA
cert ("DST Root CA X3") on a secondary validation path for Let's Encrypt
certificates. Sites serve the full trust chain of certs needed for all
of their trust paths except for the root to all clients and many are
still serving both the valid trust path and the one that relies on an
expired root. There's actually no consensus on whether server and
intermediate certs that were issued when a CA cert was valid should be
considered invalid when the CA expires but the issued cert is still
nominally valid.
The fixes for that base problem vary between systems and can be
confusing because an app can use the OS's security layer and its
keychains of trusted CA certs or the Apple-distributed antique OpenSSL
with a PEM bundle of CA certs in /etc/ssl/cert.pem or the MacPorts
OpenSSL with the 'curl-ca-bundle' package that puts a link at
/opt/local/etc/openssl/cert.pem which points to
/opt/local/share/curl/curl-ca-bundle.crt. Or if you use Homebrew, you
might have something in /usr/local/etc. Some apps may even bundle their
own SSL libraries to do self-updates. I'm pretty sure MM just uses the
system facilities, but if you have similar problems with other tools
If Keychain Access will let you do so, you should remove "DST Root CA
X3" from your System Roots keychain. On recent systems with SPI enabled,
you can't do that so you can work around the problem by changing its
Trust Settings to "Always Trust." You also should check your keychains
for multiple versions of the "ISRG Root X1" certificate, which SHOULD be
a self-signed root CA cert in SystemRoots. However, you may also have
another version in the System or login keychains which is NOT actually a
root CA cert but rather is issued by that expired root CA cert. If you
do have one of those, they need to go. If you are unable to remove
non-root versions of the "ISRG Root X1" cert or do not have the root
version in SystemRoots, you can get the current version from
http://x1.i.lencr.org/ and import it into your System keychain. (imports
into SystemRoots don't work.)
Ideally, the fix is server-side. Servers like updates.mailmate-app.com
should be reconfigured to send only the server certificate and its
immediate issuer cert as the server's trust chain, NOT including the
version of "ISRG Root X1" which is signed by the expired cert. That
would break a DIFFERENT subset of older clients (which don't trust the
ISRG root by default) which is probably why even Let's Encrypt's own
servers are still sending the quasi-bogus cert.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailmate mailing list
mailmate@lists.freron.com
https://lists.freron.com/listinfo/mailmate
Re: [MlMt] Markdown formatting
On 12 Nov 2021, at 5:09, Patrick Okui wrote: On 11 Nov 2021, at 2:08 EAT, Randall Gellens wrote: On 9 Nov 2021, at 9:52, Steve Hodgson wrote: I’m running Version 1.14 (5843). Seems ok today. I'm still on 1.13.2, since I'm not on OS 11 yet and I believe 1.13.2 is the latest for 10.anything. I find lots of formatting problems in markdown, including the need to add extra blank lines to get one to show up. I’m on OS X 10.14.6 and currently on MailMate Version 1.14 (5820). Option + clicking on “check for update” in the MailMate menu offers me version 5845 which I’ll download shortly. I can see in the release notes for 5845 the following under “Coding/Bulding related changes”: “Requires macOS 10.12 (previously public release required 10.10).” I just tried to check for an update but received the error "SSL certificate problem: certificate has expired", which might explain why I wasn't aware there was anything newer. --Randall ___ mailmate mailing list mailmate@lists.freron.com https://lists.freron.com/listinfo/mailmate
Re: [MlMt] Markdown formatting
On 10 Nov 2021, at 15:30, Bill Cole wrote: On 2021-11-10 at 18:08:27 UTC-0500 (Wed, 10 Nov 2021 15:08:27 -0800) Randall Gellens is rumored to have said: I believe 1.13.2 is the latest for 10.anything. Nope. The test versions through the current r5844 have all run on Mojave (10.14.) No major issues and Benny cheerfully accepts bug reports for them on Mojave. Good to know. I'm actually still on 10.13 (High Sierra). I tried 10.14 on another machine cloned from my usual one, and MailMate kept locking up, presumably due to an OS issue accessing the address book or something, so I'm waiting on newer OSes until I can find time to clone my system again and try it out safely. --Randall ___ mailmate mailing list mailmate@lists.freron.com https://lists.freron.com/listinfo/mailmate
Re: [MlMt] Markdown formatting
On 11 Nov 2021, at 2:08 EAT, Randall Gellens wrote: > On 9 Nov 2021, at 9:52, Steve Hodgson wrote: > >> I’m running Version 1.14 (5843). Seems ok today. > > I'm still on 1.13.2, since I'm not on OS 11 yet and I believe 1.13.2 is the > latest for 10.anything. I find lots of formatting problems in markdown, > including the need to add extra blank lines to get one to show up. I’m on OS X 10.14.6 and currently on MailMate Version 1.14 (5820). Option + clicking on “check for update” in the MailMate menu offers me version 5845 which I’ll download shortly. I can see in the release notes for 5845 the following under “Coding/Bulding related changes”: “Requires macOS 10.12 (previously public release required 10.10).” -- patrick ___ mailmate mailing list mailmate@lists.freron.com https://lists.freron.com/listinfo/mailmate
Re: [MlMt] Markdown formatting
On 2021-11-10 at 18:08:27 UTC-0500 (Wed, 10 Nov 2021 15:08:27 -0800) Randall Gellens is rumored to have said: I believe 1.13.2 is the latest for 10.anything. Nope. The test versions through the current r5844 have all run on Mojave (10.14.) No major issues and Benny cheerfully accepts bug reports for them on Mojave. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ mailmate mailing list mailmate@lists.freron.com https://lists.freron.com/listinfo/mailmate
Re: [MlMt] Markdown formatting
On 9 Nov 2021, at 9:52, Steve Hodgson wrote: I’m running Version 1.14 (5843). Seems ok today. I'm still on 1.13.2, since I'm not on OS 11 yet and I believe 1.13.2 is the latest for 10.anything. I find lots of formatting problems in markdown, including the need to add extra blank lines to get one to show up. --Randall ___ mailmate mailing list mailmate@lists.freron.com https://lists.freron.com/listinfo/mailmate
Re: [MlMt] Markdown formatting
On 9 Nov 2021, at 18:52, Steve Hodgson wrote: I’m running Version 1.14 (5843). Seems ok today. Looks like Benny has got round to releasing new beta versions: I got 5844 yesterday after being on 5820 for months. 5820 was very stable and had the new Markdown engine. I **think** that, while most of the changes since then have affected message views and the composer, the Markdown engine should have been unaffected. One major niggle has at least been resolved: I'm no longer seeing oodles of newlines when replying to e-mails. So, thanks Benny! Charlie -- Charlie Clark Waldlehne 23 Düsseldorf D- 40489 Tel: +49-203-746000 Mobile: +49-178-782-6226 ___ mailmate mailing list mailmate@lists.freron.com https://lists.freron.com/listinfo/mailmate
Re: [MlMt] Markdown formatting
I’m running Version 1.14 (5843). Seems ok today. Cheers, Steve On 9 Nov 2021, at 17:00, mailmate-requ...@lists.freron.com wrote: > I think you should check which version of MailMate you're using. IIRC there > were some problems due a switch in the Markdown engine but I haven't come > across any in the last six months or so. ___ mailmate mailing list mailmate@lists.freron.com https://lists.freron.com/listinfo/mailmate
Re: [MlMt] Markdown formatting
On 7 Nov 2021, at 15:25, Steve Hodgson wrote: > I’ve recently noted that I am having to press [Enter] three times to put a > blank line between paragraphs in markdown when editing messages. > > Is there any way to revert to the usual two? I think you should check which version of MailMate you're using. IIRC there were some problems due a switch in the Markdown engine but I haven't come across any in the last six months or so. Charlie -- Charlie Clark Waldlehne 23 Düsseldorf D- 40489 Tel: +49-203-746000 Mobile: +49-178-782-6226 ___ mailmate mailing list mailmate@lists.freron.com https://lists.freron.com/listinfo/mailmate
[MlMt] Markdown formatting
I’ve recently noted that I am having to press [Enter] three times to put a blank line between paragraphs in markdown when editing messages. Is there any way to revert to the usual two? Cheers, Steve Hodgson ___ mailmate mailing list mailmate@lists.freron.com https://lists.freron.com/listinfo/mailmate
