Bug#563253: libnss3-1d: Fails to verify the certificate of my company email server

[Mike Hommey]

On Wed, Jan 06, 2010 at 12:31:34PM +0000, Sam Morris wrote:
> > Before I go all the way to install evolution, could you check if there
> > is a secmod.db file in your evolution folder or somewhere else it would
> > be using ? (you can try to check in a strace output, possibly). Same
> > question for key3.db and cert8.db.
> 
> These files do indeed exist, in ~/.evolution. If you just wanted to
> check where evolution stores its certificate information, you can skip
> the next paragraph. :) 
> 
> I needed to get access to my email for work, so I accepted evolution's
> certificate warning. This seems to add a _permanent_ exemption for the
> certificate, and evolution does not seem to have any UI for manipulating
> exemptions, leaving me unable to reproduce the problem on this computer
> any more. In order to try and remove the exemption, I deleted the
> cert8.db, key3.db and secomd.db files in ~/.evolution. Evolution happily
> recreated them, but they are empty; so now evolution doesn't know about
> _any_ certificate authorities at all. So I can't reproduce the bug on
> this computer any more (or connect to any SSL-using server without
> having to manually verify the certificate, argh)... the bug will still
> exist on my system at home, so if you want these files then I can pull
> them off there later this evening.

That would be useful, thanks. You can also try giving the database to
vfyserv (not sure if it needs to be the directory path, or if it needs
to include the secmod.db leaf), which should theorically make vfyserv do
the same thing as evolution.

Mike

PS: I'm Cc'ing the bug again to have all the above messages logged, with
your server address stripped off.