Evolution Exchange Connector broken for self-signed server certificates
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
evolution-exchange (Ubuntu) | Confirmed | Undecided | Unassigned | | |
Bug Description
Binary package hint: evolution-exchange
The Evolution (2.30.3) Exchange connector, and Evolution+TLS in general, are badly broken in Maverick -- it will not accept a self-signed server certificate. You can manually add the server certificate, and override the trust values, but Evolution will not save your settings. If at any time you attempt to connect to an Exchange server that uses a self-signed certificate, Evolution locks up and can only be killed.
The following procedure works around and thus demonstrates the problem:
1) Go to Edit->Preferenc
2) From another shell: evolution --force-shutdown
3) Go to the exchange server web access using a browser -- save the server certificate (varies by browser)
4) Restart evolution
5) Go to Edit->Preferenc
6) Select saved server certificate, click open
7) Select server certificate, click Edit
8) Select "Trust the authenticity of this certificate"
9) Click "Edit CA Trust"
10) Select all three CA trust settings, click OK, click OK
11) Go to Edit->Preferenc
12) Click on Receiving Email->Authenticate
13) Enter your exchange account password, click OK, click OK
14) Go to Edit->Preferenc
And at that point, it will connect to exchange and work correctly... but we aren't quite done. Evolution will completely forget about the CA trust settings we specified at shutdown, so this procedure will have to be repeated with every start of Evolution.
Recommendations:
1) Fix CA trust settings so that they save.
2) Notify the user when the certificate isn't trusted, instead of locking up so hard you have to use kill.
This is probably present in 11.04, although without lock-down