[Bug 664185] [NEW] Evolution Exchange Connector broken for self-signed server certificates

Wed, 20 Oct 2010 15:00:48 -0700 

Public bug reported:

Binary package hint: evolution-exchange

The Evolution (2.30.3) Exchange connector and Evolution+TLS in general
is badly broken in Maverick -- it will not accept a self-signed server
certificate.  You can manually add the server certificate, and override
the trust values, but Evolution will not save your settings.  If at any
time you attempt to connect to a exchange server that uses a self signed
certificate, Evolution locks up and can only be killed.

The following procedure works around and thus demonstrates the problem:

1) Go to Edit->Preferences->Mail Accounts, and disable the exchange account
2) from another shell: evolution --force-shutdown
3) Go to the exchange server web access using a browser -- save the server 
certificate (varies by browser)
4) Restart evolution
5) Go to Edit->Preferences->Certificates->Contact Certificates->Import
6) Select saved server certificate, click open
7) Select server certificate, click Edit
8) Select "Trust the authenticity of this certificate"
9) Click "Edit CA Trust"
10) Select all three CA trust settings, click OK, click OK
11) Go to Edit->Preferences->Mail Accounts, select exchange account, click Edit
12) Click on Receiving Email->Authenticate
13) Enter your exchange account password, click OK, click OK
14) Go to Edit->Preferences->Mail Accounts, enable exchange account

And at that point, it will connect to exchange and work correctly... but
we aren't quite done.  Evolution will completely forget about the CA
trust settings we specified at shutdown, so this procedure will have to
be repeated with every start of Evolution.

Recommendations: 
1) Fix CA trust settings so that they save.
2) Notify the user when the certificate isn't trusted, instead of locking up so 
hard you have to use kill.

** Affects: evolution-exchange (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Evolution Exchange Connector broken for self-signed server certificates
https://bugs.launchpad.net/bugs/664185
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to