Bug 7357 - (int-152000) MfE is missing some CA cert symlinks on some devices (NuevaSync)
Status: RESOLVED FIXED
Product: Synchronization
Component: Mail for Exchange
Version: 5.0/(1.2009.42-11)
Platform: N900 Maemo
Importance: Medium major with 7 votes
Target Milestone: 5.0/(2.2009.51-1)
Assigned To: unassigned
QA Contact: activesync-bugs
Reported: 2009-12-27 00:02 UTC by David Boreham
Modified: 2010-12-10 08:59 UTC (History)

Attachments
ActiveSync log file (7.06 KB, application/zip)
2010-02-15 12:50 UTC, Thiago Figueiro

Description David Boreham (reporter) 2009-12-27 00:02:00 UTC
SOFTWARE VERSION: 1.2009.42-11.002 (RTM N900 purchased in the USA in December
2009).

EXACT STEPS LEADING TO PROBLEM: 
(Explain in detail what you do (e.g. tap on OK) and what you see (e.g. message
Connection Failed appears))
1. Find one of the afflicted devices (I have no idea how devices get into this
state, but we've had the problem reported by 4 users, and I've seen a few posts
on the Nokia support forums by users who appear to have the same issue).
2. Try to configure MfE to use SSL, connecting to some server that has a cert
with trust chain ending in certain specific certs (ours is "Entrust.net Secure
Server Certification Authority" but I don't believe this is terribly
significant -- it could happen with a number of different CA certs). 
3. You will see the error message "Error. Either Exchange server requires
secure connection or account is disabled."

EXPECTED OUTCOME: No error.

ACTUAL OUTCOME: Error message : "Error. Either Exchange server requires secure
connection or account is disabled."

REPRODUCIBILITY:
Always reproducible if you own one of the afflicted devices.
100% unreproducible otherwise.

EXTRA SOFTWARE INSTALLED:
None.

OTHER COMMENTS:

This first came to my attention when a few users with N900s raised support
tickets against our service (NuevaSync), complaining about this specific error
message.

I've spent some time (a few days) debugging this with the help of one of the
afflicted users and have partly diagnosed the problem, read on:

First we observed that the afflicted devices never got as far as sending an
operation of any kind to the service. We also checked the user had entered the
configuration correctly. Next we took a packet trace at the server. This
revealed that the device was making a connection, but the SSL handshake was
failing. The packet trace indicated that the error was related to the device
not trusting the CA cert. Next we asked the afflicted user to get device-side
syslog output. Here's the useful portion of the log:

Dec 25 20:29:59 Nokia-N900-42-11 activesync[1585]: CurlConnectionManager:
certdir = /home/user/.activesync/certs
Dec 25 20:29:59 Nokia-N900-42-11 activesync[1585]: HTTP REQUEST:  OPTIONS
https://www.nuevasync.com/Microsoft-Server-ActiveSync
Dec 25 20:29:59 Nokia-N900-42-11 activesync[1585]: ASDAEMON-CONN: startSession
start, aWait=60 seconds
Dec 25 20:29:59 Nokia-N900-42-11 activesync[1585]: ASDAEMON-CONN:
CURL-CONN-CALLBACK: Action=1
Dec 25 20:30:00 Nokia-N900-42-11 [1569]: activesync:
modest_activesync_plugin_on_queue_changed(0) 
Dec 25 20:30:00 Nokia-N900-42-11 [1569]: activesync:
modest_activesync_plugin_on_queue_changed: operation added 
Dec 25 20:30:00 Nokia-N900-42-11 [1569]: activesync: END
modest_activesync_plugin_on_queue_changed 
Dec 25 20:30:00 Nokia-N900-42-11 activesync[1585]: ASDAEMON-CONN:
CURL-CONN-CALLBACK: Action=2
Dec 25 20:30:00 Nokia-N900-42-11 activesync[1585]: ASDAEMON-CONN:
CURL-CONN-CALLBACK: Action=1
Dec 25 20:30:01 Nokia-N900-42-11 activesync[1585]: ASDAEMON-CONN:
CURL-CONN-CALLBACK: Action=4
Dec 25 20:30:01 Nokia-N900-42-11 activesync[1585]: ASDAEMON-CONN: startSession
end, ret=60
Dec 25 20:30:01 Nokia-N900-42-11 activesync[1585]: AS-PERF: Transfered 0 bytes
in 2 seconds. Transfer rate is 0 Kb/sec
Dec 25 20:30:01 Nokia-N900-42-11 activesync[1585]: CurlConnectionManager:
sendReceive attempt 2: CancelErr=0
Dec 25 20:30:01 Nokia-N900-42-11 activesync[1585]: CurlConnectionManager: cURL
errorcode = 60
Dec 25 20:30:01 Nokia-N900-42-11 activesync[1585]: AS-LIB: OPTIONS response
received (888)
Dec 25 20:30:01 Nokia-N900-42-11 activesync[1585]: AS-LIB: Send/Receive has
been executed
Dec 25 20:30:01 Nokia-N900-42-11 activesync[1585]: AS-LIB: Received HTTP
response 888. Factory not created

After a bit of head-scratching, I had a notion to ask the user how many files
were in the directory /home/user/.activesync/certs on this device. The answer
was : 135. My N900 has 236 so I wondered if something had gone awry with
whatever code makes those symlinks to the system cert store (they have time
stamps from when the device was first configured to use MfE, or first turned
on, so I figured that something makes them at that time).

Therefore I tarred up the contents of .../.activesync/certs on my device and
emailed it to the user. Once he had used that to replace his certs directory
and rebooted, the error magically went away and MfE worked correctly.

Conclusion: on some devices, for reasons unknown, that private cert store used
by MfE ends up in a broken state, containing fewer symlinks than it should.
This in turn (not surprisingly) leads to CA cert trust errors when connecting
to any service with a server cert signed by one of the 'missing' certs.
Comment 1 toni.laroma 2009-12-27 01:36:32 UTC
I'm having this problem and there are 119 files under the certs dir on my N900
Comment 2 Lari Tuononen 2009-12-28 08:46:35 UTC
See bug: 6467
Comment 3 David Boreham (reporter) 2009-12-28 14:50:00 UTC
FWIW I read 6467 before filing this and I believe it is a completely different
bug (relates to importing self-signed server cert into MfE). This bug is about
the pre-loaded CA certs which should all be present in the device's MfE cert
store (but sometimes aren't). If there's a connection between this bug and 6467
I'd be grateful if you could point it out to me.
Comment 4 Andre Klapper maemo.org 2009-12-28 15:28:18 UTC
Is this generic, or about a specific Exchange server version?
Comment 5 David Boreham (reporter) 2009-12-28 15:30:18 UTC
(In reply to comment #4)
> Is this generic, or about a specific Exchange server version?
> 

This is not related in any way to the Exchange server version.
The trouble starts when MfE (using libcurl) tries to establish an SSL
connection to the server. You could reproduce it with any old HTTP server. The
key issue is to try to connect via SSL to some server that has a cert signed by
one of the 'missing' CA certs.
Comment 6 mike choy 2009-12-29 01:34:54 UTC
*** This bug has been confirmed by popular vote. ***
Comment 7 David Boreham (reporter) 2009-12-29 17:48:51 UTC
Based on this post:
http://discussions.europe.nokia.com/discussions/board/message?board.id=maemo&view=by_date_ascending&message.id=1336#M1336
the missing cert syndrome can occur with Google (although at present my
understanding is that Google's sync service doesn't work with the N900).
Comment 8 Andre Klapper maemo.org 2009-12-30 14:14:20 UTC
This has been fixed for the upcoming "PR1.1" release.
Forwarding internal comment:

"Symlinks are not used any more.
The current code is using the certificates located in folders specified in
environment variable SSL_CERT_DIR or, if the variable does not exist, in folders
/etc/certs/common-ca
/home/user/.maemosec-certs/ssl-ca
"
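
An added example, not part of the original bug report or Nokia's code: a POSIX shell audit of a CA directory like the one diagnosed in the description, using the directory lookup order quoted in comment 8. The function names are hypothetical, splitting SSL_CERT_DIR on ':' is an assumption (it follows OpenSSL's convention), and the reference directory stands in for a copy taken from a known-good device.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit a CA certificate directory.

# cert_dirs: print the directories to check, one per line. Order follows
# comment 8: SSL_CERT_DIR if set, else the two default folders.
# Assumption: SSL_CERT_DIR is ':'-separated, as in OpenSSL.
cert_dirs() {
    if [ -n "${SSL_CERT_DIR:-}" ]; then
        printf '%s\n' "$SSL_CERT_DIR" | tr ':' '\n' | sed '/^$/d'
    else
        printf '%s\n' /etc/certs/common-ca /home/user/.maemosec-certs/ssl-ca
    fi
}

# count_entries DIR: number of entries (files or symlinks, dangling included).
count_entries() {
    n=0
    for f in "$1"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        n=$((n + 1))
    done
    echo "$n"
}

# dangling_links DIR: names of symlinks whose target no longer exists.
dangling_links() {
    for f in "$1"/*; do
        if [ -L "$f" ] && [ ! -e "$f" ]; then
            basename "$f"
        fi
    done
}

# missing_from REF DIR: names present in REF that DIR cannot resolve
# (absent entirely, or present only as a dangling symlink).
missing_from() {
    for f in "$1"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        name=$(basename "$f")
        [ -e "$2/$name" ] || echo "$name"
    done
}

# audit_dir DIR [REF]: print a one-line summary. Returns 2 if DIR does not
# exist, 1 if it is empty, has dangling links or lacks entries REF has.
audit_dir() {
    dir=$1 ref=${2:-}
    [ -d "$dir" ] || { echo "$dir: missing"; return 2; }
    total=$(count_entries "$dir")
    broken=$(dangling_links "$dir" | wc -l | tr -d ' ')
    absent=0
    [ -z "$ref" ] || absent=$(missing_from "$ref" "$dir" | wc -l | tr -d ' ')
    echo "$dir: entries=$total dangling=$broken missing_vs_ref=$absent"
    [ "$total" -gt 0 ] && [ "$broken" -eq 0 ] && [ "$absent" -eq 0 ]
}

# Usage: sh certaudit.sh audit [REFERENCE_DIR]
if [ "${1:-}" = "audit" ]; then
    cert_dirs | while IFS= read -r d; do
        audit_dir "$d" "${2:-}" || true
    done
fi
```

On a pre-PR1.1 device the directory to pass would be the one named in the log, /home/user/.activesync/certs, for example via SSL_CERT_DIR.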
Comment 9 Andre Klapper maemo.org 2009-12-30 17:00:46 UTC
To clarify my last comment:

A future public update released with the year/week later than this internal
build version will include the fix. (This is not always already the next public
update.)
Please verify that this new version fixes the bug by marking this bug report as
VERIFIED after the public update has been released and if you have some time.

To answer popular followup questions:
 * Nokia does not announce release dates of public updates in advance.
 * There is currently no access to these internal, non-public build versions.
   A Brainstorm proposal to change this exists at
http://maemo.org/community/brainstorm/view/undelayed_bugfix_releases_for_nokia_open_source_packages-002/
Comment 10 Andre Klapper maemo.org 2010-01-14 12:26:08 UTC
The problem reported here should be fixed in the update released today for
public: The Maemo5 update version 2.2009.51-1 (also called "PR1.1" sometimes).
Please leave a comment if the problem is not fixed for you in this update
version.
Comment 11 Adlay Ingemar 2010-01-16 18:36:00 UTC
I still got the "Error. Either Exchange server requires secure
connection or account is disabled." after updating to PR1.1
Comment 12 Matthew Pierce 2010-01-23 00:28:24 UTC
I am having this issue as well.  Please advise if there is a fix/workaround.

Thank you.
Comment 13 Adrian 2010-01-25 23:28:53 UTC
I have the same problem, but our platform has a "Novell Access Manager" for
external connections, and I have the same problem when I try to sync from
outside; when I try to sync from inside the network (without Access Manager) it
works fine.

Looking at the "Access Manager" log I see "error 504"; a few seconds later
"Imposible Send" appears.

If I bypass the "Access Manager" the sync works fine, including the requests
from outside.

The log when the sync fails is:

Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]: ASDAEMON-SEND: Received a new
mail to send, ID: (437) 
Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]: AS-DAEMON: QWarning:
QMailMessageMetaData::setMessageType: 0 
Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]: AS-DAEMON: QWarning:
QMailMessageMetaData::setMessageType: 0 
Jan 25 15:22:43 Nokia-N900-51-1 [1499]: activesync: protocolwrapper.cpp Line
2279, int sendMail(as_message_id): Thread 0x32a940 AS-CAMEL-SEND: Request is
sent, wating for send confirmation 
Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]: ASDAEMON-SCHED: Checking mail
for forward
Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]: ASDAEMON-SEND: Post Send
action
Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]: SyncScheduler::add
mCurrentSchedule=30 aPririty=3
Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]: ASDAEMON: ICListener IAPs
count = 1
Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]: SyncScheduler::add pass to
executor imediatelly.
Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]: ASDAEMON-QUEUE: Got some
action. Start processing
Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]: ASDAEMON-QUEUE: Execute
action (state=2, 1 queued actions)
Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]:
ProtocolActionWrapper::handleFactoryCreated(1)
Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]: AS-LIB: Sending SendMail
request (SaveInSent = true)...
Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]: CurlConnectionManager:
sendReceive: enter
Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]: ASDAEMON: ICListener IAPs
count = 1
Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]: ASDAEMON: ICListener
proxyHost: usessl = 1, proxy_host = (null) 
Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]: HTTP REQUEST:  POST
https://mail.yyyy.com/Microsoft-Server-ActiveSync?Cmd=SendMail&DeviceId=356938030168588&DeviceType=SmartPhone&SaveInSent=T
Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]: ASDAEMON-CONN: startSession
start, aWait=30 seconds
Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]: ASDAEMON-CONN:
CURL-CONN-CALLBACK: Action=2
Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]: ASDAEMON-CONN:
CURL-CONN-CALLBACK: Action=1
Jan 25 15:22:43 Nokia-N900-51-1 activesync[1345]: SendMailActionWrapper:
onBodyTransferStarted. Cancel will not be available in this case
Jan 25 15:22:44 Nokia-N900-51-1 [1499]: GLIB DEBUG gtkhtml - When auto-panning
is deactivate, no selection is allowed 
Jan 25 15:22:47 Nokia-N900-51-1 [1499]: GLIB WARNING ** Gtk - SaveToDraftsMenu:
missing action ActionsSaveToDrafts
Jan 25 15:23:13 Nokia-N900-51-1 activesync[1345]: ASDAEMON-CONN: Cancel
connection
Jan 25 15:23:13 Nokia-N900-51-1 activesync[1345]: ASDAEMON-CONN:
CURL-CONN-CALLBACK: Action=4
Jan 25 15:23:13 Nokia-N900-51-1 activesync[1345]: ASDAEMON-CONN: startSession
end, ret=0
Jan 25 15:23:13 Nokia-N900-51-1 activesync[1345]: AS-PERF: Transfered 0 bytes
in 30 seconds. Transfer rate is 0 Kb/sec
Jan 25 15:23:13 Nokia-N900-51-1 activesync[1345]: CurlConnectionManager:
sendReceive attempt 1: CancelErr=901
Jan 25 15:23:13 Nokia-N900-51-1 activesync[1345]: ASDAEMON: ICListener IAPs
count = 1
Jan 25 15:23:13 Nokia-N900-51-1 activesync[1345]: ASDAEMON: ICListener
proxyHost: usessl = 1, proxy_host = (null) 
Jan 25 15:23:13 Nokia-N900-51-1 activesync[1345]: HTTP REQUEST:  POST
https://mail.xxx.com/Microsoft-Server-ActiveSync?Cmd=SendMail&DeviceId=356938030168588&DeviceType=SmartPhone&SaveInSent=T
Jan 25 15:23:13 Nokia-N900-51-1 activesync[1345]: ASDAEMON-CONN: startSession
start, aWait=60 seconds
Jan 25 15:23:13 Nokia-N900-51-1 activesync[1345]: ASDAEMON-CONN:
CURL-CONN-CALLBACK: Action=1
Jan 25 15:23:13 Nokia-N900-51-1 activesync[1345]: SendMailActionWrapper:
onBodyTransferStarted. Cancel will not be available in this case
Jan 25 15:24:13 Nokia-N900-51-1 activesync[1345]: ASDAEMON-CONN: Cancel
connection
Jan 25 15:24:13 Nokia-N900-51-1 activesync[1345]: ASDAEMON-CONN:
CURL-CONN-CALLBACK: Action=4
Jan 25 15:24:13 Nokia-N900-51-1 activesync[1345]: ASDAEMON-CONN: startSession
end, ret=0
Jan 25 15:24:13 Nokia-N900-51-1 activesync[1345]: AS-PERF: Transfered 0 bytes
in 60 seconds. Transfer rate is 0 Kb/sec
Jan 25 15:24:13 Nokia-N900-51-1 activesync[1345]: CurlConnectionManager:
sendReceive attempt 2: CancelErr=901
Jan 25 15:24:13 Nokia-N900-51-1 activesync[1345]: ASDAEMON: ICListener IAPs
count = 1
Jan 25 15:24:13 Nokia-N900-51-1 activesync[1345]: ASDAEMON: ICListener
proxyHost: usessl = 1, proxy_host = (null) 
Jan 25 15:24:13 Nokia-N900-51-1 activesync[1345]: HTTP REQUEST:  POST
https://mail.xxx.com/Microsoft-Server-ActiveSync?Cmd=SendMail&DeviceId=356938030168588&DeviceType=SmartPhone&SaveInSent=T
Jan 25 15:24:13 Nokia-N900-51-1 activesync[1345]: ASDAEMON-CONN: startSession
start, aWait=90 seconds
Jan 25 15:24:13 Nokia-N900-51-1 activesync[1345]: ASDAEMON-CONN:
CURL-CONN-CALLBACK: Action=1
Jan 25 15:24:13 Nokia-N900-51-1 activesync[1345]: SendMailActionWrapper:
onBodyTransferStarted. Cancel will not be available in this case
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: ASDAEMON-CONN: Cancel
connection
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: ASDAEMON-CONN:
CURL-CONN-CALLBACK: Action=4
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: ASDAEMON-CONN: startSession
end, ret=0
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: AS-PERF: Transfered 0 bytes
in 90 seconds. Transfer rate is 0 Kb/sec
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: CurlConnectionManager:
sendReceive attempt 3: CancelErr=901
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: HTTP REQUEST headers:
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: User-Agent: N900/1.1
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: Host: mail.xxx.com
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: Connection: Keep-Alive
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: Authorization: <skipped>
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: MS-ASProtocolVersion: 12.1
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: Content-Type: message/rfc822
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: Content-Length: 1026
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: HTTP STATUS: 0
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: HTTP RESPONSE headers:
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: AS-LIB: SendMail response
received (901)
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: AS-LIB: Action execution ends
with status 901
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: ActionWarpper - action
completed with result 901
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: ASDAEMON-SEND: Camel provider
is notified with send status 901
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: ASDAEMON-QUEUE:
ActionQueueExecutor::handleError(3, 901) done
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: ASDAEMON-QUEUE: Action is
completed, state=1, 0 actions are queued
Jan 25 15:25:43 Nokia-N900-51-1 activesync[1345]: ASDAEMON-PING: Ping timer is
armed.
Jan 25 15:25:43 Nokia-N900-51-1 [1499]: activesync: AS-MODEST:
HandleOperationCompleted() aOperation [0], aArguments = [(nil)], aStatus =
[901]
Jan 25 15:25:43 Nokia-N900-51-1 [1499]: activesync: protocolwrapper.cpp Line
537, void HandleOperationCompleted(void*, AsDBusOperation, void*, int, const
char*, const GPtrArray*): Thread 0x84868 AS CAMEL: D-Bus EVENT RECEIVED.
Operation[0] Error[901] 
Jan 25 15:25:43 Nokia-N900-51-1 [1499]: activesync: protocolwrapper.cpp Line
282, void acquireSemaphore(): Thread 0x84868 AS CAMEL: storageSemaphore:
Acquire semaphore 
Jan 25 15:25:43 Nokia-N900-51-1 [1499]: activesync: protocolwrapper.cpp Line
510, void do_update_account_id(): Thread 0x84868 do_update_account_id id = 8 
Jan 25 15:25:43 Nokia-N900-51-1 [1499]: activesync: protocolwrapper.cpp Line
299, void releaseSemaphore(): Thread 0x84868 AS CAMEL: storageSemaphore:
Release semaphore 
Jan 25 15:25:44 Nokia-N900-51-1 [1499]: activesync: camel-as-transport.c Line
172, as_send_to: Thread 0x32a940 Sending error code (901) 
Jan 25 15:25:44 Nokia-N900-51-1 [1499]: activesync: camel-as-transport.c Line
244, as_disconnect: Thread 0x32a940 CAMEL-TRANSPORT-AS: as_disconnect 
Jan 25 15:25:44 Nokia-N900-51-1 activesync[1345]: ASDAEMON-PING: Ping is
disabled.. Ignore Ping action
Jan 25 15:25:45 Nokia-N900-51-1 [1499]: activesync:
modest_activesync_plugin_on_operation_finished(6, 0x9d020) 
Jan 25 15:25:45 Nokia-N900-51-1 [1499]: activesync:
modest_activesync_plugin_on_operation_finished() end 
Jan 25 15:25:45 Nokia-N900-51-1 [1499]: activesync:
modest_activesync_plugin_on_queue_changed(1) 
Jan 25 15:25:45 Nokia-N900-51-1 [1499]: activesync:
modest_activesync_plugin_on_queue_changed: operation removed 
Jan 25 15:25:45 Nokia-N900-51-1 [1499]: activesync: END
modest_activesync_plugin_on_queue_changed
Comment 14 Adrian 2010-01-27 02:03:20 UTC
Clarification ... with "Access Manager" only fails when trying to send an email
Comment 15 bo jangles 2010-02-11 17:13:15 UTC
Problem still exists with version 2.2009.51-1 while trying to connect to google
apps

(In reply to comment #10)
> The problem reported here should be fixed in the update released today for
> public: The Maemo5 update version 2.2009.51-1 (also called "PR1.1" sometimes).
> Please leave a comment if the problem is not fixed for you in this update
> version.
>
Comment 16 Andre Klapper maemo.org 2010-02-11 17:28:20 UTC
(In reply to comment #15)
> Problem still exists with version 2.2009.51-1 while trying to connect to google
> apps

Please don't fullquote and don't answer above the quote, plus provide exact
steps. Short "me too" comments are not helpful. Also is this NuevaSync related
at all? If not, it's unrelated to this bug report.
Comment 17 bo jangles 2010-02-11 18:50:59 UTC
> Also is this NuevaSync related
yeap
Comment 18 Thiago Figueiro 2010-02-13 15:21:59 UTC
(In reply to comment #16)

> steps. Short "me too" comments are not helpful. Also is this NuevaSync related
> at all? If not, it's unrelated to this bug report.

Seeing that the bug still exists for many people (myself included), may I
suggest MfE receives an option to ignore certificate errors?  libcurl supports
this.

I believe that this would provide a satisfactory work-around for a number of
people who are struggling to use synchronisation in their N900.

Rgds,
Thiago.
Comment 19 Vitaly Repin 2010-02-13 16:50:32 UTC
Could somebody who still has this problem after PR1.1 update take the logs and
attach them to this bug?

Instructions to take the logs: 
http://wiki.maemo.org/Mail_for_Exchange#Turning_the_logging_ON

Before publishing the logs, check that the log files do not contain any data
which you treat as private or confidential, pls!
Comment 20 David Boreham (reporter) 2010-02-13 16:52:01 UTC
We have not had any support tickets about this issue in a long time.
Not since the last firmware update.
Comment 21 Thiago Figueiro 2010-02-15 12:50:51 UTC
Created an attachment (id=2292) [details]
ActiveSync log file

Error message => Invalid host address for Exchange server.
Comment 22 Vitaly Repin 2010-02-16 13:38:55 UTC
(In reply to comment #21)
> Created an attachment (id=2292) [details]
> ActiveSync log file

> Error message => Invalid host address for Exchange server.

The following curl errors found in the attached log file:

CURLE_COULDNT_CONNECT (7) 
Failed to connect() to host or proxy.
*** this error happened during autodiscover, it is normal ***

CURLE_COULDNT_RESOLVE_HOST (6) 
Couldn't resolve host. The given remote host was not resolved.

CURLE_PEER_FAILED_VERIFICATION (51) 
The remote server's SSL certificate or SSH md5 fingerprint was deemed not OK.

I see that cURL error 6 was in the log when a symbolic host name was used;
however, when the host was given in IP format, curl error 51 started happening.
It means that the certificate on the server contains the symbolic server name
and the verification failed because of this.


So, it is normal.
Comment 23 Thiago Figueiro 2010-02-17 01:58:26 UTC
(In reply to comment #22)
> CURLE_COULDNT_RESOLVE_HOST (6) 
> Couldn't resolve host. The given remote host was not resolved.

Which is quite interesting seeing that the phone's browser can resolve the very
same host (mail.au.westfield.com).  Ping will also resolve the name, as will
nslookup.

To overcome this problem I have created an entry in /etc/hosts with my mail
host name.  Even though other applications can resolve the same host name, MfE
can't.  This approach didn't work either.


> CURLE_PEER_FAILED_VERIFICATION (51) 
(...)
> So, it is normal.  

I agree.  But since MfE doesn't support ignoring certificate errors I'm
considering recompiling libcurl to force

curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE); 

on all connections.  This would allow me to use the IP address since MfE
doesn't seem to like resolving mail.au.westfield.com.

Thoughts?
Comment 24 Thiago Figueiro 2010-02-18 01:55:27 UTC
Right.  So I upgraded to 3.2010.02-8.003 today.

Lo and behold, MfE now works.

Thanks for the support, guys.
Comment 25 Nathan Xavier 2010-02-26 21:19:14 UTC
I'm on UK Vodafone

2.2009.51-1.205.1_PR_F5_205_ARM.bin

No upgrade above this for UK VF yet.

Is there a workaround? Does anyone have a copy of the working certs so I can
replace mine?