Created attachment 1880 [details] Screenshot of certificate warning I added my Google account to gnome-online-accounts and enabled it for mail. Then Evolution immediately started complaining about the Google certificate. What's wrong here? Should I distrust the certificate? This isn't supposed to happen.
Assignee: bugsquad => olav
See http://code.google.com/p/support/wiki/SubversionFAQ#What_does_"use_the_fingerprint_to_validate_the_certificate This happens every time google updates their certs, as programs don't like to see the fingerprint changing, depending on whether the current server it hits has the updated or the old cert. The above site has a couple of workarounds for subversion. I guess treating the google cert as a root cert would work, but I don't know if that is a good idea or not. I think this bug report should be assigned to the maintainer for the rootcerts package, to decide.
CC: (none) => davidwhodgins
I agree with Dave, this is probably for the rootcerts maintainer. Unfortunately, we don't have one, so Cc'ing the last two committers on that package on this report.
CC: (none) => dmorganec, luigiwalserAssignee: olav => bugsquadSource RPM: evolution => rootcerts
I'm not an expert on this by any means, but we shouldn't be arbitrarily adding things to the rootcerts package. If Google won't use a certificate that's signed/recognized by one of the existing trusted root certs, that's their problem. I think we can close this.
(In reply to comment #3) > I'm not an expert on this by any means, but we shouldn't be arbitrarily adding > things to the rootcerts package. If Google won't use a certificate that's > signed/recognized by one of the existing trusted root certs, that's their > problem. Is that true? Then why aren't other distros having this problem? > I think we can close this. Sure, just let the unsuspecting user figure it out. :(
(In reply to comment #4) > (In reply to comment #3) > > I'm not an expert on this by any means, but we shouldn't be arbitrarily adding > > things to the rootcerts package. If Google won't use a certificate that's > > signed/recognized by one of the existing trusted root certs, that's their > > problem. > > Is that true? Then why aren't other distros having this problem? What distros? Does this happen on Mandriva? > > I think we can close this. > > Sure, just let the unsuspecting user figure it out. :( OK I won't close it yet. Did you try complaining to Google about it?
As I understand it, google is treating one of there own certs as a root cert, when it has not been designated as a root cert. It should be up to google to either get the certification to have a root cert, or to find a way to keep there servers in sync much faster. While it is annoying, I don't think we should do anything to reward google's ignoring the proper procedures. There servers should be treated by end users, as untrusted, while they are in the middle of updating there certs.
(In reply to comment #5) > > Is that true? Then why aren't other distros having this problem? > What distros? Does this happen on Mandriva? Sorry, I should have added in my prior comment, yes, it happens in Mandriva, and all distributions that haven't chosen to add a non root certificate as if it were a root certificate.
(In reply to comment #7) > (In reply to comment #5) > > > Is that true? Then why aren't other distros having this problem? > > > What distros? Does this happen on Mandriva? > > Sorry, I should have added in my prior comment, yes, it happens in > Mandriva, and all distributions that haven't chosen to add a non > root certificate as if it were a root certificate. So it sounds like this is indeed Google's problem. Let's close this then.
Status: NEW => RESOLVEDResolution: (none) => INVALID