On Fri, 3 Apr 2015 08:26:12 +0200 bitlord <bitlord0...@gmail.com> wrote:
> On Thu, 2 Apr 2015 11:57:26 +0300 > Gevisz <gev...@gmail.com> wrote: > > > On Thu, 2 Apr 2015 03:52:40 -0400 "Walter Dnes" > > <waltd...@waltdnes.org> wrote: > > > > > On Wed, Apr 01, 2015 at 08:19:45PM +0300, Gevisz wrote > > > > > > > So, I am using Claws Mail that downloads e-mails from several > > > > google mail accounts (all are mine :) and about once or twice > > > > in a month get into the situation when Claws asks me to verify > > > > and change the google certificates, first in one direction and > > > > soon after that (usually during the next downloading of my > > > > e-mails) > > > > - in another. > > > > > ... > > > > > > The 2 servers probably have different certificates, which is why > > > you get this behaviour. I suggest going into "apk mode" and > > > putting an entry into your hosts file <G>, like... > > > > > > 173.194.192.108 pop.gmail.com > > > > > > This will force your system to always use the same server, and > > > avoid the re-validation every time you hit the other server from > > > the one you used the previous time. > > > > Thank you for your advice. Added that line to my /etc/hosts file. > > After that Claws asked to verify the google certificate once again, > > but I hope that that was the last time this month and that that > > madness with google certificates finally ends. (Because in the last 2 > > days this situation repeated at least 20 or more times.) > > > > > By looking at the screenshoots that is >=claws-mail-3.10.x (I think > that is the version when it got support for validating certificate > chains)? There is a option in Configuration > Edit Accounts ... then > for every account you have "SSL" options, you can check to accept > "unknown valid certificates" so it will do it automatically, won't ask > if there is a new certificate and it is valid. Thank you for your advice but I do not want to accept certificates unverified and automatically and do not mind verifying a new goggle certificate once a month or so. However, I do not want to see a madness when my e-mail client asks me to verify the certificates that I have already verified over and over again (as described above). Sticking to only one gmail server, as advised by Walter, so far solved the problem. I write "so far" because there is a (very small) probability that the madness ended by itself (because usually it took place not always but at some periods when one gmail server already switched to a new certificate and another one still uses the old certificate, I guess). So, I have to wait one or two months (until they start to switch to even more new certificate) to see how my e-mail client will react.
