Bug 308968

Summary: certificate is not remembered
Product: [Applications] kmail2 Reporter: Vladimir Mityukov <mityukov>
Component: miscAssignee: kdepim bugs <kdepim-bugs>
Status: CONFIRMED ---    
Severity: normal CC: christian.heller, christiandehne, hilberg, kdenis, lukas, mark, montel, nik.knatterton, sknauss
Priority: NOR    
Version: 5.1.1   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: Where is tells about the failure
Where it offers to accept it forever

Description Vladimir Mityukov 2012-10-25 07:01:02 UTC 
The corporate email is accessible from the local network only and there is not strong need in the correct certificate (well, it's not what I can change, anyway).

Every time I run KMail (usually, once a day, just after boot up), it warns me about certificate issue, and asks if I want to remember exception [Forever] or [For current session only]. I every time click [Forever], but the next time it is asked again. Could it be so that I misunderstand the meaning of this option?...

Reproducible: Always

Steps to Reproduce:
1. Boot into KDE, then Run KMail;
2. Click [Check Mail]
3. Get Certificate warning, with options to Proceed or Cancel;
4. After clicking [Proceed], it offers to remember exception Forever or For current session only; Click [Forever].
5. Reboot your PC and try to get Email.
Actual Results:  
Certificate warning appears again, asking to confirm the exception.

Expected Results:  
I expect [Forever] option to remember my choice at least until the next major KDE upgrade, which might require me to cleanup ~/.kde directory..
Comment 1 Laurent Montel 2012-10-28 23:09:55 UTC 
"Get Certificate warning," ?:)
I don't know how to have a certificate warning :)
Comment 2 Vladimir Mityukov 2012-10-29 08:49:10 UTC 
Created attachment 74859 [details]
Where is tells about the failure
Comment 3 Vladimir Mityukov 2012-10-29 08:49:56 UTC 
Created attachment 74860 [details]
Where it offers to accept it forever
Comment 4 Vladimir Mityukov 2012-10-29 08:51:59 UTC 
Attached couple of screenshots. I'm not sure it is exactly about certificate, but I can definitely see the option <Forever>, which seem to have effect for the current session only.

Another notice: the same warning (with the same options) appears when I first time try to send a message (separate check on SMTP?)
Comment 5 Christian Trippe 2014-11-16 19:03:11 UTC 
(In reply to Laurent Montel from comment #1)
> "Get Certificate warning," ?:)
> I don't know how to have a certificate warning :)

If you have a self-signed certificate. See bug 233628 which claims to have this fixed in kio but I still have the problem with mail form KDE 4.14
Comment 6 Sandro Knauß 2015-02-25 20:18:39 UTC 
I can confirm this behaviour also with a self signed certificate.
Comment 7 Christian Hilberg 2015-03-10 15:48:36 UTC 
Confirming the issue with self-signed cert and kdepim 4.14.2 (debian/sid)
Comment 8 Christian Hilberg 2015-03-12 08:33:22 UTC 
Let me add that I am having the same issue for a certificate that was signed by CACert.org and kdepim 4.14.2 (debian/sid).

I was able to sort of "fix" this by manually importing that cert's CACert root certificate into the KDE cert store via "System Settings"-->"Network and Connections"-->"SSL Settings".

I still get some messages about aborted IMAP operations now and then, which I can simply retry and it usually works, but the certificate requester does not show any longer for this certificate.
Comment 9 Mark Stanton 2015-12-04 12:37:27 UTC 
This is the case here under Arch Linux with certificates that do not match the domain but I have certified as acceptable.
This is with version 5.0.3.
My KMail version 4. 4.14.10 does not show this when connecting to the same services
Comment 10 Mark Stanton 2015-12-04 15:24:05 UTC 
I should add that this happens every time KMail checks mail, not just once a session.
Comment 11 nik.knatterton 2016-08-31 17:19:46 UTC 
This is not solved, right?

I've been using Thunderbird for the past 2-3 years, because this certificate issue was very annoying. -- Now with Ubuntu 16.04 I wanted to switch back to KDE PIM (Kontact, akonadi, kmail, ...).

Is there any solution or workaround?

Situation: I am using my own imap/caldav server with self signed certificates / my own root ca. So my thought was to import the root ca into kleopatra and never ever receive any warnings concerning unknown/self signed certs again... Unfortunately, this remains a wish until today.

Kontact / KMail 5.1.3

While I am not able to help with programming, I am willing to share debug information.
Comment 12 Christian Hilberg 2016-09-01 08:09:37 UTC 
Hi Nik,

(In reply to nik.knatterton from comment #11)
> This is not solved, right?
> [...]
> I've been using Thunderbird for the past 2-3 years, because this certificate
> issue was very annoying. -- Now with Ubuntu 16.04 I wanted to switch back to
> KDE PIM (Kontact, akonadi, kmail, ...).
> Is there any solution or workaround?
> [...]

Try importing the certificate manually via System Settings / Network / Settings / SSL. You might need to log out from and back into Plasma.
Comment 13 nik.knatterton 2016-09-01 18:05:30 UTC 
Hi Christian,

thank you for the hint. In fact, I've tried that. Which leads to another bug (in my eyes):
I click on "add", select the cert. It appears in the list as a "user certificate" (Benutzerzertifikate). Then I click on "apply". Once the window is closed and reopened, the cert has vanished again. :(

Cheers
Nik
Comment 14 Christian Heller 2016-09-01 18:23:47 UTC 
Thanks for the hint. For me, importing the certificate worked.
It appears properly under "User-added certificates".
Debian Stable.
However, I will have to see over the next couple of days,
if the message dialogue indeed does not appear anymore.
Comment 15 nik.knatterton 2016-09-01 18:44:52 UTC 
What is the correct path where kde stores the user added certificates? Can the root ca cert simply be placed in that directory?