causes problems under Windows if the certificate changes #936

Open
ClusterWood opened this issue Oct 10, 2024 · 1 comment
Comments

@ClusterWood

... causes problems under Windows if the certificate changes. Solution:

Delete '...\AppData\Roaming\sieve'

Install sieve-0.5.2. Add server again, certificate warnings can be skipped here. Login: “Force PLAIN”; when everything is running again, install version sieve 0.6.1. Runs somewhat more stable than 0.5.2, but cannot handle certificate changes.

Good luck

@thsmi
Owner

thsmi commented Dec 21, 2024

This does not sound like a bug to me.

But as you completely ignored the issue template, did not provide much useful information, and what you write does not really compute, it is crystal ball time. From your writing it sounds to me as if you are using self-signed certificates and then pin the certificate's fingerprint. Correct?

If so, the program has to reject the connection if you change the server's certificate and it does not match the pinned fingerprints. Everything else would be inherently unsafe, because this is exactly what happens in a man-in-the-middle attack, where someone impersonates your server.

In case you know you changed your cert's fingerprint for some reason and thus broke the chain of trust, then open the app and go to the corresponding account's settings, open the "server settings" and add your cert's fingerprint to the "Fingerprint" section.

Alternatively you can also remove the fingerprint and then it will ask you upon the next connect to verify the fingerprint and will add the fingerprint to the server's settings. But never blindly trust a cert without checking the fingerprint.

Anyhow, the real fix would be rolling out your root CA to your clients' PCs, so that you do not need to pin the certificate at all. Pinning certificates is a hack and not a solution for a productive environment. You should not use it unless you really, really know what you are doing. In general the easiest is to go to a trustworthy notary whose CA root is already included in your system's CA store and request a certificate from them, which is normally way cheaper than manually rolling out a custom root CA.
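
The pinning behaviour discussed in this thread, as an added example that is not part of the thread and not the project's own code: a certificate is trusted only if its fingerprint matches a pinned one, a changed certificate is rejected, and with no pin stored the user is asked to verify. It assumes SHA-256 fingerprints; the function names and the sample "certificates" are constructed for illustration.

```javascript
const crypto = require("crypto");

// Accept "AA:BB:...", "aa bb ..." or plain hex; return 64 lowercase hex chars.
function normalizeFingerprint(fp) {
  const hex = String(fp).replace(/[:\s-]/g, "").toLowerCase();
  if (!/^[0-9a-f]{64}$/.test(hex)) {
    throw new Error("not a SHA-256 fingerprint: " + fp);
  }
  return hex;
}

// SHA-256 over the DER bytes of the certificate. With Node's tls module the
// bytes are available as socket.getPeerCertificate().raw.
function fingerprintOf(der) {
  return crypto.createHash("sha256").update(der).digest("hex");
}

// Display form: upper-case hex pairs separated by colons.
function formatFingerprint(hex) {
  return hex.toUpperCase().match(/.{2}/g).join(":");
}

// pinned: fingerprints stored for the account (may be empty).
function checkPin(der, pinned) {
  const actual = fingerprintOf(der);
  const shown = formatFingerprint(actual);
  if (pinned.length === 0) {
    // Nothing pinned: the user has to compare the fingerprint out of band.
    return { decision: "ask-user", fingerprint: shown };
  }
  // Several pins may be stored, e.g. old and new certificate during renewal.
  const known = pinned.map(normalizeFingerprint);
  const decision = known.includes(actual) ? "trusted" : "rejected";
  return { decision, fingerprint: shown };
}

// Constructed stand-ins for DER certificates (not real certificates).
const oldCert = Buffer.from("constructed stand-in: certificate before renewal");
const newCert = Buffer.from("constructed stand-in: certificate after renewal");

const pins = [formatFingerprint(fingerprintOf(oldCert))];
console.log(checkPin(oldCert, pins).decision); // pinned certificate
console.log(checkPin(newCert, pins).decision); // certificate changed on the server
pins.push(checkPin(newCert, []).fingerprint);  // after the user verified it
console.log(checkPin(newCert, pins).decision); // new fingerprint now pinned
```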
