Bug 6582 - (int-152505) exchange sync cant handle certificate exceptions
(int-152505)
: exchange sync cant handle certificate exceptions
Status: VERIFIED FIXED
Product: Synchronization
Mail for Exchange
: 5.0/(3.2010.02-8)
: N900 Maemo
: Low normal with 3 votes (vote)
: 5.0/(10.2010.19-1)
Assigned To: unassigned
: activesync-bugs
:
:
:
:
  Show dependency tree
 
Reported: 2009-12-04 16:32 UTC by Justin
Modified: 2010-05-26 19:23 UTC (History)
7 users (show)

See Also:


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description Justin (reporter) 2009-12-04 16:32:16 UTC
SOFTWARE VERSION:
Maemo 5 1.2009.11-42.002

EXACT STEPS LEADING TO PROBLEM: 
1. set up exchange sync
2. enter server and select SSL(note server requires certificate exception)
3. click Next and server connection fails with m essage saying server
unavailable or account disabled

EXPECTED OUTCOME:
Ability to select certificate excpetion in mail app for mail servers

ACTUAL OUTCOME:

REPRODUCIBILITY:
always

EXTRA SOFTWARE INSTALLED:

OTHER COMMENTS:

User-Agent:       Mozilla/5.0 (X11; U; Linux armv7l; en-US; rv:1.9.2a1pre)
Gecko/20090928 Firefox/3.5 Maemo Browser 1.4.1.21 RX-51 N900
Comment 1 Andre Klapper maemo.org 2009-12-05 02:33:42 UTC
Thanks for reporting this.

(In reply to comment #0)
> EXACT STEPS LEADING TO PROBLEM: 
> 1. set up exchange sync

For future reference, please provide exact steps- This is too vague.

Which exact Exchange version does this refer to?

What is the exact error message?
Comment 2 Andre Klapper maemo.org 2009-12-08 18:29:47 UTC
--> moreinfo as per last comment.
Comment 3 Justin (reporter) 2009-12-08 18:56:06 UTC
I visit company webmail site on N900.  Page opens and indicates certificate is
not approved.  Prompts me to accept.  This webmail site has a certificate that
doesnt match since address(a .aero domain) is forwarded to a different
domain(our .com domain).  Certificate is verified by a random internal server. 
Bottom line, it requires you to make an exception which the browser handled no
problem.  

SO: 
I try to set up Exchange access to my company's Exchange 2003 system using N900
Mail For Exchange option in Settings(note, same outcome when done from Mail
app).  I enter my email address, user name, password and click Next.  It
generates Credentials.  I enter the Exchange server(same as our webmail site
that needed the certificate exception in the browser) and leave SSL(port 443)
checked).  Click Next.  Tries to connect to server and fails with error:
"Error. Either server requires secure authentication or account is disabled." 
It does not allow me to create a certificate exception and doesn't recognize
the exception I created in the browser.  

I had the same issue with my iPhone when it first offered Exchange.  I had to
wait for a next software rev to handle the certificate in the mail app.

Hope that helps.  Love the OS though, keep up the good work!
Comment 4 Lari Tuononen 2009-12-11 16:51:24 UTC
When using self signed root sertificate (using exchange 2007) I had very big
problems getting the sync going, the wizard always ended with error "Error:
Either Exchange server requires secure connection or account is disabled".

I found out that MfE uses certificates from /home/user/.activesync/certs which
has symlinks from /etc/certs/common-ca/. But the user imported sertificates go
to /home/user/.maemosec-certs/ssl-ca and these are not symlinked to the
activesync folder. After manually doing the symlink in xterm, I got the MfE
working.
Comment 5 NathanR 2009-12-14 02:40:11 UTC
Confirmed using Labra's method, imported self-signed or private certificate
authority chains are not recognized by MfE.
Comment 6 jan.grabski 2009-12-21 15:51:30 UTC
I get the same error when trying to sync with google calendar. There is also a
domain name mismatch (gmail.com vs m.google.com) there, so could this be the
same problem a lot of folks are complainig about on the forums?
Comment 7 Andre Klapper maemo.org 2009-12-21 15:52:33 UTC
(In reply to comment #6)
> I get the same error when trying to sync with google calendar.

Unrelated - Google is not supported, see bug 6343...
Comment 8 Andre Klapper maemo.org 2010-03-04 23:27:00 UTC
This has been fixed in package
10.2010.07-7
which is part of the internal build version
as-daemon 0.0.3-29+0m5
(Note: 2009/2010 is the year, and the number after is the week.)

"Checked this in 2007 exchange server with self signed certificate.
Was able to configure the account after ignoring the "Invalid Certificate"."

A future public update released with the year/week later than this internal
build version will include the fix. (This is not always already the next public
update.)
Please verify that this new version fixes the bug by marking this bug report as
VERIFIED after the public update has been released and if you have some time.


To answer popular followup questions:
 * Nokia does not announce release dates of public updates in advance.
 * There is currently no access to these internal, non-public build versions.
   A Brainstorm proposal to change this exists at
http://maemo.org/community/brainstorm/view/undelayed_bugfix_releases_for_nokia_open_source_packages-002/
Comment 9 Andre Klapper maemo.org 2010-03-15 20:56:07 UTC
Setting explicit PR1.2 milestone (so it's clearer in which public release the
fix will be available to users).

Sorry for the bugmail noise (you can filter on this message).
Comment 10 greg 2010-04-02 01:43:37 UTC
(In reply to comment #8)
> This has been fixed in package
> 10.2010.07-7
> which is part of the internal build version
> as-daemon 0.0.3-29+0m5
> (Note: 2009/2010 is the year, and the number after is the week.)
> 
> "Checked this in 2007 exchange server with self signed certificate.
> Was able to configure the account after ignoring the "Invalid Certificate"."
> 
> A future public update released with the year/week later than this internal
> build version will include the fix. (This is not always already the next public
> update.)
> Please verify that this new version fixes the bug by marking this bug report as
> VERIFIED after the public update has been released and if you have some time.
> 
> 
> To answer popular followup questions:
>  * Nokia does not announce release dates of public updates in advance.
>  * There is currently no access to these internal, non-public build versions.
>    A Brainstorm proposal to change this exists at
> http://maemo.org/community/brainstorm/view/undelayed_bugfix_releases_for_nokia_open_source_packages-002/
> 
Andre,

whre can I find and install as-daemon 0.0.3-29+0m5 package ?
Thanks,
Greg
Comment 11 Andre Klapper maemo.org 2010-04-13 18:27:20 UTC
(In reply to comment #10)
> whre can I find and install as-daemon 0.0.3-29+0m5 package ?
> Thanks,
> Greg

I answered this already:

> This has been fixed in the **internal** build version as-daemon 0.0.3-29+0m5.
> A future **public** update released with the year/week later than this internal
> build version will include the fix. (This is not always already the next public
> update.)
Comment 12 Tuomas 2010-05-23 18:24:53 UTC
*** Bug 10152 has been marked as a duplicate of this bug. ***
Comment 13 Justin (reporter) 2010-05-26 19:23:53 UTC
Tested this on my company email and it works perfectly.  Asks if I want to
ignore the certificate issue and then proceeds to do first sync. 

Nice work!