Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 447320

Summary: No longer able to fetch gentoo developer email into gmail -- google ssl policy change
Product: Gentoo Infrastructure Reporter: Matthew Marlowe (RETIRED) <mattm>
Component: Dev box issuesAssignee: Gentoo Infrastructure <infra-bugs>
Status: RESOLVED WONTFIX    
Severity: normal CC: tetromino
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Matthew Marlowe (RETIRED) gentoo-dev 2012-12-15 09:11:46 UTC 
For the last several years, I have used gmail as my main mail reader and had gentoo dev email fetched via pop/imap over SSL and deposited into a dedicated folder.

This stopped working a couple days ago, and I finally got interested enough to track down the cause.

Apparently our gentoo mail server uses a self signed certificate for incoming pop/imap connections.
Google will no longer honor that.

Details:
Fri, Dec 14, 2012 at 5:06 PM 	SSL Security Error. [ Help ]
Server returned error "SSL error: self signed certificate in certificate chain" 

As of December 2012, Gmail uses "strict" SSL1 security. This means that we'll always enforce that your other provider's remote server has a valid SSL certificate. We made this change to offer a higher level of security to better protect your information. 

http://support.google.com/mail/bin/answer.py?hl=en&answer=21291&ctx=gmail#strictSSL
Comment 1 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2012-12-24 09:37:29 UTC 
In the meantime, you can still forward mail there just the same.
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2012-12-25 07:26:42 UTC 
The certificate is NOT self-signed. We use CACert as our preferred vendor.
This is not going to be changing soon.