On Wed, Feb 08, 2017 at 11:52:32PM +0000, isdtor wrote: > > > It would be useful to know if you see the problem with a vanilla 1.7.1, > > vanilla 1.7.2 and default tip right now. > > In brief: after 1.7.2. See below. > > > My understanding is that the warning notice is occuring because the > > certficate presented by the server is expired, which shouldn't have > > anything to do with your local certificate store, so I'm a bit confused. > > That's not consistent with the experience here. The problem is very > clearly related to the local store.
Okay, my understanding is not a great as it should be then. Let me ask a few questions to try and help me understand. Do you have $ssl_usesystemcerts set, and is your system properly set up with a system certificate store? Or, are you working completely off your $certificate_file? Do you have $ssl_verify_dates set? What are the validity dates for your "CN=Google G2, Issuer=Geotrust" certificate in local store? Is that cert actually expired, or is the prompt incorrect? Last, would you mind creating debug logs (at level -d 2) for the two cases you mention happening in default tip: with the expired imap.google.com certificate (i.e. your local certificate file has three entries), and without the expired imap.google.com certificate. What I hear you saying is that *with* the expired imap.google.com certificate, you are getting a prompt for an expired Google G2 cert (the 2nd in the chain). But without the expired imap.google.com you are getting no prompt. Is that right? -- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
signature.asc
Description: PGP signature
