Evolution throws error with imap/ssl

Bug #59632 reported by Hidde Brugmans
Affects: Evolution | Status: Fix Released | Importance: Critical
Affects: evolution (Ubuntu) | Status: Fix Released | Importance: Medium | Assigned to: Ubuntu Desktop Bugs

Bug Description

imap-server
cram-md5 password-authentication
connection: ssl/tls

Evolution 2.8.0

"Error while Refreshing Folder."
"Failed to connect to IMAP server <server> in secure mode: SSL negotiations failed"

This is on a dapper-edgy upgrade, same settings, working server.

Hidde Brugmans (hcbrugmans-deactivatedaccount) wrote :

oops, assigning to evolution

Martijn vdS (martijn) wrote :

Confirmed, same problem here.

IMAP-server is Courier. I get the following message in the server log:

Sep 9 13:02:30 facecrime imaplogin: Connection, ip=[::ffff:213.84.123.77]
Sep 9 13:02:30 facecrime imaplogin: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Changed in evolution:
status: Unconfirmed → Confirmed
Sebastien Bacher (seb128) wrote :

Thanks for your bug. What security setting do you use for that account? Could you try with TLS if SSL doesn't work?

Changed in evolution:
assignee: nobody → desktop-bugs
status: Confirmed → Needs Info
Sebastien Bacher (seb128) wrote :

Might be similar to http://bugzilla.gnome.org/show_bug.cgi?id=336543 or http://bugzilla.gnome.org/show_bug.cgi?id=345135

GNOME #345135 has a comment mentioning:

"Ok, I found an option in /etc/courier/imapd-ssl called TLS_STARTTLS_PROTOCOL.
It appears to set the minimum require protocol version; by default it is set to
TLS1. If I set it to SSL3 then Evolution can connect with TLS! So it seems
Evolution is trying to negotiate an SSL3 connection after all."

Does that work for you too?

Martijn vdS (martijn) wrote :

Yes, that fixes it (but it also switches back to SSLv3 from TLSv1, AND requires a server reconfiguration, which could be considered.. sub-optimal)

Martijn vdS (martijn) wrote :

Also, this used to work in Dapper.

Sebastien Bacher (seb128) wrote :

Is the certificate you are using unsigned like for bug #61594?

Marcel Juhnke (marrat) wrote :

This doesn't work for me. Tried everything from TLS_STARTTLS_PROTOCAL=SSL2 to TLS_STARTTLS_PROTOCAL=TLS1. Same error :-(

Marcel Juhnke (marrat) wrote :

Sorry, edited wrong config-file :-). Now the whole thing works.

Thanks and regards,

Marcel Juhnke

Hezekiah Carty (hez) wrote :

This is still a problem with Edgy when connecting to a system with an unsigned certificate.

I don't have control over the server, so there's no way to do anything about the server setup. This breaks Evolution completely for me. It worked in Dapper with a warning dialog.

Changed in evolution:
importance: Undecided → Medium
Changed in evolution:
status: Unknown → Unconfirmed
Martin Willemoes Hansen (mwh) wrote :

I can confirm this as well, can't connect to my email provider anymore with TLS :( Worked fine in Dapper, Hoary etc.

Timo Kosig (tiomo) wrote :

I'm confirming this as well. Connecting to my e-mail server (which is using an unsigned certificate) via SSL/TLS doesn't work anymore after upgrading to Edgy Eft using Evolution 2.8.0.

Fredrik Wendt (fredrik-wendt) wrote :

Confirming the bug. Worked perfectly in dapper. The certificate is signed by well known CA, but I get no luck with the STARTTLS option:

katie:/etc/courier# cat imapd-ssl | egrep -v '(#|$^)'
SSLPORT=993
SSLADDRESS=0
SSLPIDFILE=/var/run/courier/imapd-ssl.pid
IMAPDSSLSTART=YES
IMAPDSTARTTLS=YES
IMAP_TLS_REQUIRED=0
COURIERTLS=/usr/bin/couriertls
TLS_PROTOCOL=TLS1
TLS_STARTTLS_PROTOCOL=SSL3
TLS_CERTFILE=/etc/certs/secure.linknet.se.pem
TLS_TRUSTCERTS=/etc/certs/UTN.cer
TLS_VERIFYPEER=NONE

This all still gives me the same error, no matter if I choose TLS or SSL in Evolution's server setting, no matter if I enter :143 or :993 in the hostname field.

Nov 25 16:38:14 katie imaplogin: Connection, ip=[::ffff:83.248.131.164]
Nov 25 16:38:14 katie imaplogin: LOGIN: DEBUG: ip=[::ffff:83.248.131.164], command=CAPABILITY
Nov 25 16:38:14 katie imaplogin: LOGIN: DEBUG: ip=[::ffff:83.248.131.164], command=STARTTLS
Nov 25 16:38:14 katie imaplogin: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
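
Added example, not part of any comment in this thread and not Courier or Evolution code: a small audit that flags the protocol settings discussed above in an `imapd-ssl` file and pairs `couriertls` handshake errors with the STARTTLS command logged just before them. The sample config and log are constructed (documentation IP address), and the function names are hypothetical.

```python
import re

# Constructed sample: the protocol-related settings from the imapd-ssl paste above.
SAMPLE_CONFIG = """\
IMAPDSTARTTLS=YES
IMAP_TLS_REQUIRED=0
TLS_PROTOCOL=TLS1
TLS_STARTTLS_PROTOCOL=SSL3
"""
# Constructed sample log (documentation IP), same shape as the lines in the thread.
SAMPLE_LOG = """\
Nov 25 16:38:14 host imaplogin: LOGIN: DEBUG: ip=[::ffff:192.0.2.10], command=STARTTLS
Nov 25 16:38:14 host imaplogin: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
"""
WEAK = {"SSL2", "SSL3"}  # pre-TLS values mentioned in the thread
STARTTLS = re.compile(r"ip=\[([^\]]+)\], command=STARTTLS")
TLS_ERROR = re.compile(r"couriertls: \w+: error:\w+:SSL routines:\w+:(.+)$")

def parse_config(text):
    """Parse KEY=VALUE lines, skipping blanks and comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip().strip('"')
    return settings

def audit(settings):
    """Flag settings that weaken transport security."""
    findings = []
    for key in ("TLS_PROTOCOL", "TLS_STARTTLS_PROTOCOL"):
        if settings.get(key, "").upper() in WEAK:
            findings.append(f"{key}={settings[key]} allows a pre-TLS protocol")
    if settings.get("IMAPDSTARTTLS", "").upper() == "YES" and settings.get("IMAP_TLS_REQUIRED") != "1":
        findings.append("IMAP_TLS_REQUIRED is not 1: logins without STARTTLS are accepted")
    return findings

def starttls_failures(log):
    """Pair each couriertls error with the STARTTLS command logged just before it.
    The error line carries no client IP, so adjacency is a heuristic."""
    pending_ip, hits = None, []
    for line in log.splitlines():
        started = STARTTLS.search(line)
        error = TLS_ERROR.search(line)
        if started:
            pending_ip = started.group(1)
        elif error and pending_ip:
            hits.append((pending_ip, error.group(1)))
            pending_ip = None
    return hits

if __name__ == "__main__":
    print(audit(parse_config(SAMPLE_CONFIG)))
    print(starttls_failures(SAMPLE_LOG))
```

Running the audit after the client-side fix is installed shows whether the `TLS_STARTTLS_PROTOCOL=SSL3` workaround is still in place on the server.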

Fredrik Wendt (fredrik-wendt) wrote :

Oops. I'm terribly sorry, but I got fooled by Evolution's "Check for supported types"-button. Next time I fired up Evolution it did work. This ought to be a bug by itself, methinks.
What I'm saying is that the config pasted does work with "Use Secure Connection" set to "SSL encryption".

Daniel Werner (demitsu) wrote :

I have been noticing a similar problem since the upgrade from Dapper to Edgy. Trying to contact my company's IMAP server always resulted in an "Unknown error", not even in "SSL negotiations failed". Refreshing folders etc. didn't work, not with TLS, not with SSL, not even with plaintext passwords (ugh).

Not until I tried restarting Evolution after selecting "SSL". Thank you, Fredrik -- it seems I too got fooled. This is an undesirable behaviour, by the way: Evolution should really apply the selected Security method when checking "for Supported [Auth] Types". Should I file a new bug for this issue?

The TLS problem remains, of course.

Daniel Holbach (dholbach) wrote :

Daniel: good idea to file the other bug separately.

Changed in evolution:
status: Needs Info → Unconfirmed
Daniel Werner (demitsu) wrote :

The "settings not actually applied until restart" issue has already been filed under Launchpad bug #34058. It seems this is a known upstream problem since at least 2001. The GNOME bug tracker has gathered half a dozen duplicate bug reports, which shows that people still keep stumbling over this one once in a while.

MikeCamel (mike-hingston) wrote :

I'd suggest that this is a fairly serious bug. As a security professional, any bug which forces me to downgrade my security (or forces _non-experts_ to do so) is pretty bad, and says bad things about the distro. Please let's get this fixed, folks.

Sebastien Bacher (seb128) wrote :

There are thousands of desktop bugs open at the moment and few people working on them; contributions are welcome, then. Note that the bug is not distribution-specific.

Changed in evolution:
status: New → Confirmed
Changed in evolution:
status: Confirmed → Fix Released
Pedro Villavicencio (pedro) wrote :

Fixed upstream, thanks.

Changed in evolution:
status: New → Fix Committed
Sebastien Bacher (seb128) wrote :

evolution (2.21.4-0ubuntu1) hardy; urgency=low

  * New upstream version:
    New in 2.21.4:
    - Basic support for non-intrusive error reporting and error
      logging in Mailer (LP: #59632)
    - Add basic support for crash detection
    - Basic Message tagging support (aka Custom labels) (LP: #52816)
    Bug fixes:
    - #220846: New option to accept meeting request as free time
    - #263236: Look for "Do not ask me again" check in alignment,
      so let it works properly
    - #329578: Add mnemonic for "minutes" widget
    - #329706: Confirmation dialog for HTML Message needs some improvements
    - #336074: Check for mail only in active folders
    - #340267: Show description in preview as preformatted text,
      so tabulators are kept instead of treated as white spaces (LP: #41050)
    - #347328: Fix mnemonic clash over 'c', add mnemonic for 'Name' entry
    - #347329: Added a mnemonic to the 'Create'
      button of the 'New Folder' dialog
    - #354265: Fixed mnemonic clash between print and paste mnemonics
    - #392747: Abbreviated day names are in english for month view, while they
      appear in indic lang chars when seen in print-preview/actual-print
    - #408170: Added mnemonics to the "Custom" and "Sort By" menu options
    - #409121: Corrected misspelled instances of vCard
    - #430369: Crash in ea_setting_setup()
    - #437579: Fix all "entity not defined" warnings
    - #438769: Changed label from 'Search name'
      to 'Rule name' in edit -> message filters -> add
    - #444227: Make string for PrepareForOffline more descriptive.
      Add mnemonic to PrepareForOffline menu item
    - #446029: Fix for a mnemonic conflict in 'Find in Message' feature
    - #458824: Added mnemonics to the "Group" dialog
    - #466241: Added a mnemonic to "Authentication type" in the recieving mail
      section of configuration
    - #466497: Changed some mnemonics to stop l being used as a mnemonic key
    - #466499: Added support for mnemonics in config options from camel
    - #466503: Fix for a mnemonic conflict in
      Preferences -> Mail Preferences -> Junk tab
    - #468277: Added a mnemonic to "Copy book content locally
      for offline operation"
    - #474043: Prevent buffer overflows, by introducing a max size to copy
    - #474651: Use format strings in gtk_message_dialog_new
    - #475508: Changed the string for search folder and filter creation
      from message list to make it understandable
    - #492702: Moved bits of sound notification on new messages
      to mail-notification plugin.
    - #500210: Show plugin configuration in a tab of plugin manager
    - #500561: Added icon for mark all messages as read menu item.
    - #501474: Fix wrong expression from bug #359267
    - #501677: If it is not FolderBrowser object, the pane size signal
      is not sent
    - #501969: Passwords should not be forgotten on all errors
    - #502188: Initialize "remember" variable to FALSE.
    - #502312: A little cleanup of configuration part of the plugin
      to not use global variables and free memory properly
    - #502318: Critical warnings fixed when closing message window
    - #502501: Re use the existing string
    - #5...


Changed in evolution:
status: Fix Committed → Fix Released
Changed in evolution:
importance: Unknown → Critical