Ask / Submit
3

SSL certificate error with native email

asked 2019-04-10 11:14:24 +0300

jello gravatar image

Native Email stopped working last days with "check certificate" message. I collect logs and got following:

[1446] Apr. 09 20:20:05 [Warning] Encrypted connect warnings: "'The issuer certificate of a locally looked up certificate could not be found'"

Raise and create account new is only possible when choosing "untrusted certificate"-option.

Then checked with Aqua-Mail (Android) and got similar message:

Ungültiges Sicherheitszertifikat (SSL). java.security.cert.CertPathValidatorException: Trust anchor for certification path not found..

Verified certs

imap.strato.de
smtp.strato.de

at https://www.sslshopper.com/ssl-checker.html says "green" but they where renewed at April, 2nd.

Anyone who have the same issue and have idea to fix that?

edit retag flag offensive close delete

Comments

1

I just verified that imap.strato.de is accessible with the standard SFOS 3.0.2.8 CA certificate store by installing openssl and issuing this command:

openssl s_client -connect imap.strato.de:imap -starttls imap

So if Jolla's Mail app complains about the certificate, it must use a different certificate store or there's something else causing this messge.

You can try to get more verbose logs from the Mail app.

Maus ( 2019-04-11 10:13:06 +0300 )edit

I colleced again logs from mail app as suggested but there are no further details:

set option "untrusted certificates = false"

[1508] Apr. 11 10:53:24 [Debug] Messaging :  Running action RetrieveMessageListRequest 11102490460162
[1508] Apr. 11 10:53:24 [Debug] Messaging :  Setting imap strategy 31ImapRetrieveMessageListStrategy
[1508] Apr. 11 10:53:24 [Debug] IMAP :  "2" About to open connection "mail@domain.de" "imap.strato.de"
[1508] Apr. 11 10:53:25 [Debug] Messaging :  QMailTransport::Socket::Socket SET PROXY host= "" port= 0
[1508] Apr. 11 10:53:25 [Debug] Messaging :  Opening connection -  "imap.strato.de" : 993  SSL
[1508] Apr. 11 10:53:25 [Debug] Messaging :  IMAP : connection established
[1508] Apr. 11 10:53:25 [Warning] Encrypted connect warnings: "'The issuer certificate of a locally looked up certificate could not be found'"
[1508] Apr. 11 10:53:25 [Debug] Messaging :  Action completed 11102490460162 result failure
[1508] Apr. 11 10:53:25 [Warning] socketError: 13 : "The issuer certificate of a locally looked up certificate could not be found"
[1508] Apr. 11 10:53:25 [Warning] Would not determine server/action completing

set option "untrusted certificates = true"

[1508] Apr. 11 10:57:46 [Debug] Messaging :  Running action RetrieveMessageListRequest 14160507174914
[1508] Apr. 11 10:57:46 [Debug] Messaging :  Setting imap strategy 31ImapRetrieveMessageListStrategy
[1508] Apr. 11 10:57:46 [Debug] IMAP :  "2" About to open connection "mail@domain.de" "imap.strato.de"
[1508] Apr. 11 10:57:46 [Debug] Messaging :  QMailTransport::Socket::Socket SET PROXY host= "" port= 0
[1508] Apr. 11 10:57:46 [Debug] Messaging :  Opening connection -  "imap.strato.de" : 993  SSL
[1508] Apr. 11 10:57:47 [Debug] Messaging :  IMAP : connection established
[1508] Apr. 11 10:57:47 [Warning] Encrypted connect warnings: "'The issuer certificate of a locally looked up certificate could not be found'"
[1508] Apr. 11 10:57:47 [Warning] Accepting untrusted certificates
[1508] Apr. 11 10:57:47 [Debug] Messaging :  IMAP : Secure connection established
[1508] Apr. 11 10:57:47 [Debug] IMAP :  "2" RECV: * OK [CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 CHILDREN ENABLE I18NLEVEL=2 ID IDLE MOVE MULTIAPPEND NAMESPACE QUOTA SORT STATUS=SIZE UIDPLUS UNSELECT WITHIN XLIST] IMAP server ready (P0 TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384)
[1508] Apr. 11 10:57:47 [Debug] IMAP :  "2" SEND a001 CAPABILITY
[1508] Apr. 11 10:57:47 [Debug] IMAP :  "2" RECV: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 CHILDREN ENABLE I18NLEVEL=2 ID IDLE MOVE MULTIAPPEND NAMESPACE QUOTA SORT STATUS=SIZE UIDPLUS UNSELECT WITHIN XLIST
[1508] Apr. 11 10:57:47 [Debug] IMAP :  "2" RECV: a001 OK CAPABILITY completed
[1508] Apr. 11 10:57:47 [Debug] IMAP :  "2" SEND a002 AUTHENTICATE CRAM-MD5
[1508] Apr. 11 10:57:47 [Debug] IMAP :  "2" RECV: + ### Hash replaced ### ==
[1508] Apr. 11 10:57:47 [Debug] IMAP :  "2" SEND SEND: <login hidden>
[1508] Apr. 11 10:57:47 [Debug] IMAP :  "2" RECV: a002 OK User logged in (400)
[1508] Apr. 11 10:57:47 [Debug] IMAP :  "2" SEND a003 SELECT INBOX ...
jello ( 2019-04-11 22:42:50 +0300 )edit

1 Answer

Sort by » oldest newest most voted
2

answered 2019-04-12 14:58:24 +0300

Maus gravatar image

This may be a QT bug. You can find lots of references to software based on Qt 4.4 up to 5.11 exhibiting this problem. There even is a very old bug report at Qt that never got resolved. Some reports claim that the intermediate certificate has not been supplied by the server, but in this case, the servers are not to blame: they include the intermediate certificate when establishing the connection.

It looks like you have to uncheck strict certificate checking with your Strato account for some longer ...

edit flag offensive delete publish link more
Login/Signup to Answer

Question tools

Follow
6 followers

Stats

Asked: 2019-04-10 11:14:24 +0300

Seen: 213 times

Last updated: Apr 12