Something odd is going on with Gmail

[hazel]

I download my mail from Gmail's pop3 server using claws-mail. Occasionally I get a pop-up saying that Google's SSL certificate has changed and I just OK to save the new one. But today I have been getting the same pop-up every time mail is fetched. Does anyone know what is going on?

[Rubberman]

See if this continues for another couple of days? I know that there have been some changes in cert authentication lately. It may be that soon you should update your mail client.

[hazel]

The same thing went on all yesterday. I tried it out of Slackbody, which uses a different version of Claws, and it was the same, so the problem was definitely at gmail's end and not at mine. But today, it seems to have cleared. No doubt we shall be given an explanation in due course.

[hazel]

Bah! It's started again! When I look at the actual certificates, it says for the status of the old one "No certificate issuer found" whereas the replacement is marked "Correct". But then, 5 minutes later, the new "correct" one fails for the same reason. What the heck does that mean?

[MikeTbob]

Bah! It's started again! When I look at the actual certificates, it says for the status of the old one "No certificate issuer found" whereas the replacement is marked "Correct". But then, 5 minutes later, the new "correct" one fails for the same reason. What the heck does that mean?

You might have better luck trying to figure this out via Google help.
Gmail Help

[hazel]

Good try! I've spent about half an hour going through their help but haven't found anything useful. I also tried googling some general howtos on ssl, hoping I could perhaps understand what is going on under the bonnet, but so far it's Greek to me.

What does "No certificate issuer found" actually mean? Where does the replacement certificate that is suggested come from if it isn't issued by a certificate issuer? If I knew that, I could perhaps get a handle on this (of course I googled this error message but that produced nothing useful either). I think I'm getting too old and slow to figure all this out.

[MikeTbob]

It's a bit dated. I found this from 2008
Google Forgets to Renew Gmail's SMTP SSL Certificate
And this one, with a little Gem in there. Is your time/date set correctly?
Invalid or Expired Security Certificate? - Online Tech Support Help from Ask Dave Taylor!®
This was my Google search: ssl certificate expired gmail. You are not too old or slow, it just takes finding the right keywords.

[clawsuser]

You're not alone. I think it might be claws-mail. I'm getting the exact same issue on Claws 3.8.0. It doesn't look like the problem was fixed in 3.8.1, though.

[hazel]

It's a bit dated. I found this from 2008
Google Forgets to Renew Gmail's SMTP SSL Certificate
And this one, with a little Gem in there. Is your time/date set correctly?
Invalid or Expired Security Certificate? - Online Tech Support Help from Ask Dave Taylor!®
This was my Google search: ssl certificate expired gmail. You are not too old or slow, it just takes finding the right keywords.

You'll laugh! I found both those posts on Sunday. But if you look more closely you'll see that they describe a different problem - certificates that have expired. In the one case because Google forgot to renew them, in the other because the computer was living in the future. Now when I look at the certificates, it says of the old one "Status: No certificate issuer found" and of the new one "Status: correct".

If there is no certificate issuer, where do all these certificates come from? Who is actually issuing them? And why does claws seem to aquire a new one every time it downloads email? And why are they "correct" to begin with but not ten minutes later?

The problem is that I don't understand the infrastructure that supports SSL and so far I haven't found a HOWTO that is pitched to my level of ignorance.

The problem is gmail-specific. It doesn't affect Yahoo, which I also access by pop3. It affects both pop and smtp in gmail but not apparently https. It arose suddenly in a version of claws that had behaved itself until then and I don't think there was a gnutls update to cause it either (I did update gnutls yesterday but that hasn't cleared it). All that suggests that gmail is at fault. But in that case why is there this deafening silence on the Web?

[hazel]

It seems to have cleared up by itself. Yesterday it was still playing up, but today I haven't had any requests to accept new certificates and I've been online since 11:00 AM. I assume therefore the problem was with Gmail and not with me.