As reported upstream: https://gitlab.gnome.org/GNOME/evolution-ews/issues/36 Evolution Exchange Web Services can silently ignore *all* certificate errors if configured to ignore an initial error in gnome-online-accounts creation. This renders transport security worse than zero as it does not even indicate (logs or UI) that a questionable certificate was presented, leaving the connection open to being viewed and modified.
Present in 3.31 (dev), so may require backport to 3.30 currently pending stabilisation.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ec808adda217d07bb554a784bd644c90abe472aa commit ec808adda217d07bb554a784bd644c90abe472aa Author: Mart Raudsepp <leio@gentoo.org> AuthorDate: 2019-02-27 12:27:08 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2019-02-27 12:39:49 +0000 gnome-extra/evolution-ews: add patch for SSL certificate validation Bug: https://bugs.gentoo.org/678070 Package-Manager: Portage-2.3.52, Repoman-2.3.12 Signed-off-by: Mart Raudsepp <leio@gentoo.org> gnome-extra/evolution-ews/Manifest | 1 + .../evolution-ews/evolution-ews-3.30.5-r1.ebuild | 66 ++++++++++++++++++++++ 2 files changed, 67 insertions(+)
Upstream doesn't seem to consider this a big issue. Either way, it is probably too complicated to backport to 3.24 stable versions, and evolution 3.30 stack isn't ready to go stable before about 6 weeks probably :(
Please take a look at the commit: https://gitlab.gnome.org/GNOME/evolution-ews/issues/27
This is already fixed in evolution-ews-3.30.5-r1 for exactly 2 months. But were no updates here, as we are not ready to stabilize that cycle yet.
(In reply to Mart Raudsepp from comment #5) > This is already fixed in evolution-ews-3.30.5-r1 for exactly 2 months. > But were no updates here, as we are not ready to stabilize that cycle yet. err, there WERE updates here and explanations, just not whiteboard/summary changes. So what should I be looking at there from the upstream issue?
This was stabled with GNOME 3.30 now
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c62c50b3f349dc677ff2ce8bca401c7d440a453f commit c62c50b3f349dc677ff2ce8bca401c7d440a453f Author: Mart Raudsepp <leio@gentoo.org> AuthorDate: 2019-05-18 21:51:46 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2019-05-18 21:52:40 +0000 gnome-extra/evolution-ews: remove old Bug: https://bugs.gentoo.org/678070 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Mart Raudsepp <leio@gentoo.org> gnome-extra/evolution-ews/Manifest | 1 - .../evolution-ews/evolution-ews-3.24.6.ebuild | 66 ---------------------- .../files/3.24.6-DESTDIR-honoring.patch | 33 ----------- .../files/3.24.6-libical3-compat.patch | 44 --------------- 4 files changed, 144 deletions(-)
*** Bug 699858 has been marked as a duplicate of this bug. ***