Client certificate verification fails

Bug #1420648 reported by Daniel Dickinson
Affects: dovecot (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

If you use the option
auth_ssl_require_client_cert = yes

Then no matter how carefully you follow the documentation, all attempts to support your clients (e.g. Thunderbird) will fail to connect to the dovecot mail server. This issue does not occur with the cyrus-imap mail server.

I have investigated the code and believe I have found and fixed the issue (the attached patch makes verification of client side SSL certificates work for me, which is NOT true without the patch).

Basically the OpenSSL logic is wrong when it comes to setting up the client side verification.

I have a DebDiff against Trusty that fixes the issue. (Attached).

Tags: patch
Revision history for this message
Daniel Dickinson (p-ubuntu-c) wrote :
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Fix client certificate verification fails for dovecot" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Daniel Dickinson (p-ubuntu-c) wrote :

Ok, the patch doesn't actually fix the bug. It appeared to, in that after running the server with the patch applied client certificate validation succeeded; however, it appears this bug is actually intermittent as, even with the patched package, the server is now complaining that the client has not provided a valid SSL certificate.

This is definitely not true, as the certificates, and in general verification of client-side certificates, work, even with the same Thunderbird client, with postfix, exim, and cyrus-imapd.

In short, dovecot has some bug that causes verification of certificates presented by the client to fail; however, the bug is not easy to debug as sometimes config changes work, but later, running the same config, things fail again.

There appears to be some sort of caching, even across client and server restarts, that is coming into play and confusing the issue.

Anyone know of SSL caching issues with Windows 8.1?

Regards,

Daniel

Daniel Dickinson (p-ubuntu-c) wrote :

It turns out the actual bug is with Thunderbird. If you use your existing profile and change the IMAP software running on the same email server, then, even if you modify the Thunderbird accounts you were using to point to no server, and eliminate all visible config that might conflict, including saved passwords, then your new accounts (but same username) to the same email server with different IMAP software (in my case switching from cyrus-imap to dovecot; I uncovered this by trying to switch back to cyrus-imap and having the same issues (the email server had to have been rebuilt due to hardware failure, and I had decided to switch IMAP software at the same time)).

It seems Thunderbird doesn't like it when you don't start with a fresh profile in this type of scenario.

Regards,

Daniel

Sebastien Bacher (seb128) wrote :

Thanks for the work. You wrote that the patch doesn't fix the issue; should it still be in the sponsoring queue? You also target trusty; is the bug fixed in the current series? In any case, if you want an SRU you should follow https://wiki.ubuntu.com/StableReleaseUpdates

Daniel Dickinson (p-ubuntu-c) wrote :

It should be removed from the queue. As I wrote, the actual issue was with Thunderbird, not with Dovecot, and therefore patching Dovecot is counter-productive.

Regards,

Daniel

Sebastien Bacher (seb128) wrote :

Unsubscribing sponsors then, thanks. Should the bug also be marked invalid?

Christian Ehrhardt (paelzer) wrote :

Per former discussion, marking invalid to clear old dovecot bugs.

Changed in dovecot (Ubuntu):
status: New → Invalid