GNOME Bugzilla – Bug 740402
"Unacceptable TLS certificate" error connecting to CardDAV server
Last modified: 2014-12-01 13:04:14 UTC
I'm trying to fetch my contacts from my CardDAV server, which is self-hosted on a RaspberryPi running ArkOS. I want to use SSL, but am encountering errors on Evolution 3.13.7. I tried it first with a self-signed certificate, and then with a cert signed by StartCom/StartSSL (though it looks like that may not be trusted by Evolution by default). I've also tried adding the signing cert and root CA cert to Evolution, and that didn't seem to affect the outcome. Full error message: > Unable to open address book 'Radicale' > > This address book cannot be opened. This either means that an incorrect URI was entered, or the server is unreachable. > > Detailed error message: Unable to connect to 'Radicale': Unacceptable TLS certificate Works fine with Evolution 3.12.8 - I get an SSL trust dialog and have to tell it to accept the certificate, but after that it loads fine. I'd be happy to debug some more, but I will need instructions on how to find the information.
Thanks for a bug report. Do you run the same libsoup version with evolution 3.13.7 and 3.12.8? I guess you do not, because I also encountered this error, but only with the "most" recent libsoup, as reported at bug #739951.
It seems as though I'm using libsoup 2.48.0 on both (I'm on Arch, and that's the only libsoup version being offered at the moment). That's the libsoup version that's currently installed and working fine with Evolution 3.12, so maybe it's some interplay between that regression and something in Evolution 3.13.
Is the glib2 and glib-networking of the same version too? These are used by the libsoup.
Yep, all libraries are the same. The only things that get upgraded are evolution and evolution-data-server. glib2 is v2.42.1, and glib-networking is v2.42.0.
Hmm, it confuses me. There is no real change in a way of using libsoup/glib/glib-networking in 3.12 and 3.13 of evolution(-data-server), I'm not aware of anything at least. Another option is that the issuer of the server's certificate is marked as trusted on one machine for your, but as not trusted on the other machine. As you described in comment #0, the self-signed certificate fails, but the certificate signed by a different authority fails as well. Try to find the authority in Edit->Preferences->Certificates->Authorities tab and edit the Trust for the certificate. Only make sure you'll edit the same certificate with which the server's certificate was issued. I'll try to build your versions here and retest with them (I hope your distro doesn't patch the packages).
(In reply to comment #5) > Hmm, it confuses me. There is no real change in a way of using > libsoup/glib/glib-networking in 3.12 and 3.13 of evolution(-data-server), I'm > not aware of anything at least. Oops, no, I'm sorry, 3.13.x has a different way of dealing with SSL trusts and that makes the difference. So what you see is exactly bug #739951. *** This bug has been marked as a duplicate of bug 739951 ***