[Mono-bugs] [Bug 635646] New: Gmail pop ssl certificate is rejected

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Mon Aug 30 16:50:06 EDT 2010



           Summary: Gmail pop ssl certificate is rejected
    Classification: Mono
           Product: Mono: Class Libraries
           Version: 2.6.x
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Mono.Security
        AssignedTo: spouliot at novell.com
        ReportedBy: mfarver at mindbent.org
         QAContact: mono-bugs at lists.ximian.com
                CC: tedu at fogcreek.com
        Depends on: 545015
          Found By: ---
           Blocker: ---

+++ This bug was initially created as a clone of Bug #545015 +++

Created an attachment (id=321507)
 --> (http://bugzilla.novell.com/attachment.cgi?id=321507)
tries to connect to pop.gmail.com

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:
Gecko/20080207 Ubuntu/7.10 (gutsy) Firefox/

function rejects the SSL cert used by pop.gmail.com as being unworthy of a
server cert.  I'm not an expert in X509 standards, but multiple independent TLS
implementations are willing to accept this certificate as valid for a server,
so it seems mono is wrong here.

This bug is marked fixed, but still appears to occur in 2.6.7.

$ certmgr -ssl https://pop.gmail.com:995
Mono Certificate Manager - version
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD

 X.509 Certificate v3
   Issued from: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
   Issued to:   C=US, O=Google Inc, CN=Google Internet Authority
   Valid from:  6/8/2009 3:43:27 PM
   Valid until: 6/7/2013 2:43:27 PM
   *** WARNING: Certificate signature is INVALID ***
This certificate is already in the CA store.

 X.509 Certificate v3
   Issued from: C=US, O=Google Inc, CN=Google Internet Authority
   Issued to:   C=US, S=California, L=Mountain View, O=Google Inc,
   Valid from:  4/22/2010 3:11:23 PM
   Valid until: 4/22/2011 3:21:23 PM
This certificate is already in the AddressBook store.

No certificate were added to the stores.

In also occurs using https://sdb.amazonaws.com

Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the mono-bugs mailing list