desktop-packages team mailing list archive

Thread
Date

[Bug 664185] Re: Evolution Exchange Connector broken for self-signed server certificates

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <664185@xxxxxxxxxxxxxxxxxx>
Date: Wed, 10 Dec 2014 10:04:50 -0000
Reply-to: Bug 664185 <664185@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: evolution-exchange (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evolution-exchange in Ubuntu.
https://bugs.launchpad.net/bugs/664185

Title:
  Evolution Exchange Connector broken for self-signed server
  certificates

Status in evolution-exchange package in Ubuntu:
  Confirmed

Bug description:
  Binary package hint: evolution-exchange

  The Evolution (2.30.3) Exchange connector and Evolution+TLS in general
  is badly broken in Maverick -- it will not accept a self-signed server
  certificate.  You can manually add the server certificate, and
  override the trust values, but Evolution will not save your settings.
  If at any time you attempt to connect to a exchange server that uses a
  self signed certificate, Evolution locks up and can only be killed.

  The following procedure works around and thus demonstrates the
  problem:

  1) Go to Edit->Preferences->Mail Accounts, and disable the exchange account
  2) from another shell: evolution --force-shutdown
  3) Go to the exchange server web access using a browser -- save the server certificate (varies by browser)
  4) Restart evolution
  5) Go to Edit->Preferences->Certificates->Contact Certificates->Import
  6) Select saved server certificate, click open
  7) Select server certificate, click Edit
  8) Select "Trust the authenticity of this certificate"
  9) Click "Edit CA Trust"
  10) Select all three CA trust settings, click OK, click OK
  11) Go to Edit->Preferences->Mail Accounts, select exchange account, click Edit
  12) Click on Receiving Email->Authenticate
  13) Enter your exchange account password, click OK, click OK
  14) Go to Edit->Preferences->Mail Accounts, enable exchange account

  And at that point, it will connect to exchange and work correctly...
  but we aren't quite done.  Evolution will completely forget about the
  CA trust settings we specified at shutdown, so this procedure will
  have to be repeated with every start of Evolution.

  Recommendations: 
  1) Fix CA trust settings so that they save.
  2) Notify the user when the certificate isn't trusted, instead of locking up so hard you have to use kill.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evolution-exchange/+bug/664185/+subscriptions