Active Topics

 


Reply
Thread Tools
Posts: 31 | Thanked: 44 times | Joined on Jun 2010
#1
UPDATE: turns out most of this thread is a red herring, see below for details...

UPDATE 2: For users happening onto this thread due to Gmail's deprecation of SSLv3 support in June 2016: see comment #39 (which further points to this thread) for the solution.

Hi!

So yesterday morning I see that the sending of emails from my n900 suddenly stopped working. After looking into it a bit, it turns out that if I disable SSL and just connect over port 25, then I can still send emails. But I really don't think I want to be sending emails (including the authentication to gmail!) in the clear...

Any ideas on what's going on? Could it be that gmail is stopping to support the SSL versions on the N900? Why isn't everyone on the forum seeing this issue?

I'm running the latest CSSU stable (21.2011.38-1Smaemo7), my gmail account has two factor authentication and I use an application password for the smtp access -- none of the settings have changed in probably 3 or 4 years... Using modest as my mail client.

Thanks!
Dov

Last edited by dovf; 2016-08-12 at 13:30.
 

The Following 2 Users Say Thank You to dovf For This Useful Post:
Posts: 31 | Thanked: 44 times | Joined on Jun 2010
#2
This thread at the gmail help forum from today seems relevant, though I'm still not sure what my options are on the n900...
 

The Following 2 Users Say Thank You to dovf For This Useful Post:
Posts: 391 | Thanked: 908 times | Joined on Aug 2011 @ suncity
#3
Originally Posted by dovf View Post
Hi!

So yesterday morning I see that the sending of emails from my n900 suddenly stopped working. After looking into it a bit, it turns out that if I disable SSL and just connect over port 25, then I can still send emails. But I really don't think I want to be sending emails (including the authentication to gmail!) in the clear...

Any ideas on what's going on? Could it be that gmail is stopping to support the SSL versions on the N900? Why isn't everyone on the forum seeing this issue?

I'm running the latest CSSU stable (21.2011.38-1Smaemo7), my gmail account has two factor authentication and I use an application password for the smtp access -- none of the settings have changed in probably 3 or 4 years... Using modest as my mail client.

Thanks!
Dov
Hi,

I experienced modest failed sending emails yesterday but I thought it is not a big deal; a connection error or something; but yesterday night at home the same thing happend; now I know this is a big issue - I shall look into it too. Thanks for the post!

jm
 

The Following User Says Thank You to justmemory For This Useful Post:
Posts: 3,074 | Thanked: 12,960 times | Joined on Mar 2010 @ Sofia,Bulgaria
#4
You may try openssl from cssu-devel repo, to see if it fixes the issue for you
__________________
Never fear. I is here.

720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900

Community SSU developer
kernel-power developer and maintainer

 

The Following 2 Users Say Thank You to freemangordon For This Useful Post:
Posts: 391 | Thanked: 908 times | Joined on Aug 2011 @ suncity
#5
Hmm, I have an option to use TLS with port 25 and in this way I can send emails...
 

The Following User Says Thank You to justmemory For This Useful Post:
Community Council | Posts: 685 | Thanked: 1,235 times | Joined on Sep 2010 @ Mbabane
#6
i have just sent a test message with modest on my CSSU-Thumb device, successfully
(never even knew that Gmail supported non-SSL/TLS connections)

openssl 0.9.8zh-1+maemo1+0m5+0cssu0 (what a name!!)

Last edited by sicelo; 2016-05-19 at 07:30. Reason: add openssl version info
 

The Following 2 Users Say Thank You to sicelo For This Useful Post:
peterleinchen's Avatar
Posts: 4,118 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#7
And also on non-CSSU device it is working. Old openssl version.
Using smtp with Normal (TLS) on port 587 ...

But does CSSU stable already included the newest libtinymal?
And I do not use two-way authentification.
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

editsignature, http://talk.maemo.org/profile.php?do=editsignature
 

The Following User Says Thank You to peterleinchen For This Useful Post:
Posts: 31 | Thanked: 44 times | Joined on Jun 2010
#8
Thanks, all, for your responses!

"Normal (TLS)" is indeed now working for me on port 587; and OTOH, port 25 is not accepting unencrypted connections, as one would hope. Possibly, the other day when I thought I was connecting in the clear over 25, I was actually using SSL/TLS; and possibly, I didn't try the combination of TLS over 587...

SSL over 465 -- which is what I had been using up until now -- indeed is still not working for SMTP.

Thanks, again, for your comments!
 

The Following User Says Thank You to dovf For This Useful Post:
Posts: 31 | Thanked: 44 times | Joined on Jun 2010
#9
Turns out the whole problem had nothing to do with SSL/TLS, nor was it related to the upcoming deprecation of SSLv3 by gmail (which is occurring, see, for example, this thread from slashdot).

Rather, the problem was that I had moved my .modest directory onto external storage (my internal storage kept filling up because my inbox is growing too large -- but that's another matter ). Naively, I assumed that rather than copying the cache, I could just let it be recreated. However, it turns out that the cache contains some data which should be persisted -- specifically, a configuration setting which tells modest to trust the CAs in the common certificate store...

Apparently, gmail switch their IMAP and SMTP certificates every week (at least, they've switched them three times in the past three weeks). This shouldn't normally be a problem, since all of the certificates are signed by trusted CAs -- however, because modest was no longer using the installed certificates, I was having trouble every few days, with both SMTP and IMAP. So each time over the past three weeks that the cert changed, I would pin it (when modest warns about a bad certificate and allows you to choose whether to proceed or not, if you say "yes" then it will pin that certificate in .modest/cache/camel-cert.db) -- after confirming that it is valid, of course! But when I realized this would be happening once a week, I continued looking into it. I inspected all the certs, saw that the root CAs appeared to be installed correctly, and just couldn't understand why modest wasn't seeing them -- until I finally found the above... The link there explains how to restore the configuration that lets modest use the installed certificates, and now all appears to be working (with either SSL or TLS settings).

We'll see what happens next week when gmail does finally disable SSLv3...

Anyhow, sorry for the noise, but hopefully the information here in this last post may help others in the future...
 

The Following 5 Users Say Thank You to dovf For This Useful Post:
Community Council | Posts: 685 | Thanked: 1,235 times | Joined on Sep 2010 @ Mbabane
#10
great
yes, I've noticed the 'weekly' certificate issue on mutt which I also use on N900
 

The Following User Says Thank You to sicelo For This Useful Post:
Reply


 
Forum Jump


All times are GMT. The time now is 19:25.