Hi isdtor, I'm only replying briefly right now because I'm short on time tonight, but I wanted to thank you for taking the time to respond to all my requests. I appreciate your effort and it's very helpful.
On Thu, Feb 09, 2017 at 10:56:36PM +0000, isdtor wrote: > > What I hear you saying is that *with* the expired imap.google.com > > certificate, you are getting a prompt for an expired Google G2 cert > > (the 2nd in the chain). But without the expired imap.google.com you > > are getting no prompt. Is that right? > > That is correct. With only two certs in the local store and no cert > for imap.google.com present, it proceeds straight to the password > prompt. It's like the actual server cert is considered optional > because the rest of the chain checks out. I believe this is the desired behavior - if the chain checks out, then it should just accept the cert with no need to confirm anything. I will take a closer look tomorrow, but honestly I find the behavior with the expired imap.google.com in your cert filed very strange. If I can't figure anything out, I will revert the patch for the 1.8 release. In that case, I'll reopen the ticket and add some of your information to it, so we can debug some more, post-release. -- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
signature.asc
Description: PGP signature
