[Bug 933659] Re: evolution calendar does not check SSL certificates
This is fixed in Ubuntu 14.04 LTS and above, and older versions will not get updated because it may break existing installation. I'm marking this bug as fixed. ** Changed in: evolution-data-server (Ubuntu) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 933659]
Hi, Documenting the results of discussion with Michael Haefner: The risk of breaking the existing things is not worth the effort. The status is now set to RESOLVED WONTFIX. -- Sergei -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 933659]
Hello, === There is an update on this issue. It looks like the only fix possible for this bug is libsoup strict SSL mode enabled. In Evolution 2.x, all of the certificate authenticity checks are done within calendar/gui/itip-utils.c:itip_public_comp inside the backend; no extra configuration options may be passed and it is complicated to implement the latter. In addition, in Evolution 3.x things are very different and cannot be easily ported back into version 2.x. With strict mode in libsoup enabled, end-users will have to add unverified certificates they trust into the system using the external tools. Siarhei Melnikovich -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 933659] Re: evolution calendar does not check SSL certificates
** Changed in: evolution-data-server (openSUSE) Status: In Progress = Won't Fix -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 933659]
Hello, The evolution-data-server package is now ready. Evolution is modified to make use of strict ssl; however, a UI option for Evolution is still a problem and requires more effort since 3.3 and 2.x code is quite different. Siarhei Melnikovich -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 933659]
Hello, work for fixing this bug is still in process. The fixes will The fixes will be backported from Evolution 3.3.*: https://bugzilla.gnome.org/show_bug.cgi?id=671537. New option for strict certificate processing will be included in the UI. Siarhei Melnikovich. -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 933659]
Hi, Setting the status to ASSIGNED. Siarhei Melnikovich -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 933659] Re: evolution calendar does not check SSL certificates
** Changed in: evolution-data-server (openSUSE) Status: Confirmed = In Progress -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 933659]
- missing certificate checking is bad ... however ... - several services might run self-signed, including some Novell Groupwise installations, so compatibility would break when we enable it. - so this might need UI additions to enable/disable cert checking, which in turn might get denied. I suspect we might not be able to fix this easily at all and/or only in future products. :( I am changing this to VUL-1. -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 933659]
This bug confuses me a bit. Is it a Major VUL-0 issue (i.e. requires immediate actions) or VUL-1 / planned update? -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 933659] Re: evolution calendar does not check SSL certificates
** Changed in: evolution-data-server (Ubuntu) Assignee: Marc Deslauriers (mdeslaur) = (unassigned) -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 933659] Re: evolution calendar does not check SSL certificates
** Changed in: evolution-data-server (Ubuntu) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 933659] Re: evolution calendar does not check SSL certificates
In theory, this should by addressed by a security update. The problem is that adding a new option may break existing users who are using self- signed certs. We may want to default to accepting invalid certs in the security update. -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 933659] Re: evolution calendar does not check SSL certificates
** Bug watch added: Novell/SUSE Bugzilla #760517 https://bugzilla.novell.com/show_bug.cgi?id=760517 ** Also affects: evolution-data-server (openSUSE) via https://bugzilla.novell.com/show_bug.cgi?id=760517 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 933659] Re: evolution calendar does not check SSL certificates
Upstream fixes: http://git.gnome.org/browse/evolution-data-server/commit/?id=969ea449d30be94f92feaa9ae5a18f83e68b2035 http://git.gnome.org/browse/evolution/commit/?id=12256b4f1cc7def560824ed5fb3c506669709a32 These went into 3.5. Precise is 3.2.3-0ubuntu6 and Quantal on 3.4.3-1ubuntu1. -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 933659] Re: evolution calendar does not check SSL certificates
Launchpad has imported 6 comments from the remote bug at https://bugzilla.novell.com/show_bug.cgi?id=760517. If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. On 2012-05-03T14:36:52+00:00 Meissner-i wrote: +++ This bug was initially created as a clone of Bug #758431 (libsoup) +++ As libsoup needs to be set to strict ssl and fed a ca path before it does correct SSL checking, evolution-data-server is likely not doing SSL certificate checking correctly. Soup users I spotted: Groupwise protocol handling (server/groupwise/e-gw-connection.c) Exchange protocol handling (server/exchange/lib/e2k-context.c) Google (servers/google/libgdata-google/gdata-google-service.c) calendar/backends/http/e-cal-backend-http.c calendar/backends/caldav/e-cal-backend-caldav.c From Midori fix: g_object_set (session, ssl-ca-file, /etc/ssl/ca-bundle.pem, ssl-strict, TRUE ); (e-d-s needs some handling of SSL cert verification failures though, otherwise it will just failt.) Reply at: https://bugs.launchpad.net/evolution-data- server/+bug/933659/comments/12 On 2012-05-03T15:11:53+00:00 Meissner-i wrote: (my suggestion is probably not correct... I do not fully understand it yet) we probably need to evluated the trusted attribute after the connect Reply at: https://bugs.launchpad.net/evolution-data- server/+bug/933659/comments/13 On 2012-05-03T15:36:18+00:00 Meissner-i wrote: opened https://bugzilla.gnome.org/show_bug.cgi?id=675378 Reply at: https://bugs.launchpad.net/evolution-data- server/+bug/933659/comments/14 On 2012-05-03T22:00:11+00:00 Swamp-a wrote: bugbot adjusting priority Reply at: https://bugs.launchpad.net/evolution-data- server/+bug/933659/comments/15 On 2012-05-04T08:02:26+00:00 Meissner-i wrote: A GNOME bug was already open: https://bugzilla.gnome.org/show_bug.cgi?id=671537 It has patches for the non-groupwise parts already. Reply at: https://bugs.launchpad.net/evolution-data- server/+bug/933659/comments/16 On 2012-05-31T14:50:46+00:00 Meissner-i wrote: to bnc-team-evolution Reply at: https://bugs.launchpad.net/evolution-data- server/+bug/933659/comments/19 ** Changed in: evolution-data-server (openSUSE) Status: Unknown = Confirmed ** Changed in: evolution-data-server (openSUSE) Importance: Unknown = High ** Bug watch added: GNOME Bug Tracker #675378 https://bugzilla.gnome.org/show_bug.cgi?id=675378 -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 933659] Re: evolution calendar does not check SSL certificates
Making this report public since the issue is public elsewhere: https://bugzilla.gnome.org/show_bug.cgi?id=671537 http://www.openwall.com/lists/oss-security/2012/05/04/4 ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 933659] Re: evolution calendar does not check SSL certificates
The attachment check-ssl-certificates.patch of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report. [This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution-data-server in Ubuntu. https://bugs.launchpad.net/bugs/933659 Title: evolution calendar does not check SSL certificates To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/933659/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs