UPDATE: turns out most of this thread is a red herring, see below for details...

UPDATE 2: For users happening onto this thread due to Gmail's deprecation of SSLv3 support in June 2016: see comment #39 (which further points to this thread) for the solution.

Hi!

So yesterday morning I see that the sending of emails from my n900 suddenly stopped working. After looking into it a bit, it turns out that if I disable SSL and just connect over port 25, then I can still send emails. But I really don't think I want to be sending emails (including the authentication to gmail!) in the clear...

Any ideas on what's going on? Could it be that gmail is stopping to support the SSL versions on the N900? Why isn't everyone on the forum seeing this issue?

I'm running the latest CSSU stable (21.2011.38-1Smaemo7), my gmail account has two factor authentication and I use an application password for the smtp access -- none of the settings have changed in probably 3 or 4 years... Using modest as my mail client.

Thanks!
Dov

This thread at the gmail help forum from today seems relevant, though I'm still not sure what my options are on the n900...

Hi,

I experienced modest failed sending emails yesterday but I thought it is not a big deal; a connection error or something; but yesterday night at home the same thing happend; now I know this is a big issue - I shall look into it too. Thanks for the post!

jm

You may try openssl from cssu-devel repo, to see if it fixes the issue for you

Hmm, I have an option to use TLS with port 25 and in this way I can send emails...

i have just sent a test message with modest on my CSSU-Thumb device, successfully
(never even knew that Gmail supported non-SSL/TLS connections)

openssl 0.9.8zh-1+maemo1+0m5+0cssu0 (what a name!!)

And also on non-CSSU device it is working. Old openssl version.
Using smtp with Normal (TLS) on port 587 ...

But does CSSU stable already included the newest libtinymal?
And I do not use two-way authentification.

Thanks, all, for your responses!

"Normal (TLS)" is indeed now working for me on port 587; and OTOH, port 25 is not accepting unencrypted connections, as one would hope. Possibly, the other day when I thought I was connecting in the clear over 25, I was actually using SSL/TLS; and possibly, I didn't try the combination of TLS over 587...

SSL over 465 -- which is what I had been using up until now -- indeed is still not working for SMTP.

Thanks, again, for your comments!

Turns out the whole problem had nothing to do with SSL/TLS, nor was it related to the upcoming deprecation of SSLv3 by gmail (which is occurring, see, for example, this thread from slashdot).

Rather, the problem was that I had moved my .modest directory onto external storage (my internal storage kept filling up because my inbox is growing too large -- but that's another matter ). Naively, I assumed that rather than copying the cache, I could just let it be recreated. However, it turns out that the cache contains some data which should be persisted -- specifically, a configuration setting which tells modest to trust the CAs in the common certificate store...

Apparently, gmail switch their IMAP and SMTP certificates every week (at least, they've switched them three times in the past three weeks). This shouldn't normally be a problem, since all of the certificates are signed by trusted CAs -- however, because modest was no longer using the installed certificates, I was having trouble every few days, with both SMTP and IMAP. So each time over the past three weeks that the cert changed, I would pin it (when modest warns about a bad certificate and allows you to choose whether to proceed or not, if you say "yes" then it will pin that certificate in .modest/cache/camel-cert.db) -- after confirming that it is valid, of course! But when I realized this would be happening once a week, I continued looking into it. I inspected all the certs, saw that the root CAs appeared to be installed correctly, and just couldn't understand why modest wasn't seeing them -- until I finally found the above... The link there explains how to restore the configuration that lets modest use the installed certificates, and now all appears to be working (with either SSL or TLS settings).

We'll see what happens next week when gmail does finally disable SSLv3...

Anyhow, sorry for the noise, but hopefully the information here in this last post may help others in the future...

great
yes, I've noticed the 'weekly' certificate issue on mutt which I also use on N900