On Fri, 6 Dec 2013 08:02:34 +0000 mick mbm@rlogin.net allegedly wrote:
(More later when I have re-configured dovecot and re-installed K9)
And here is the "more".
Summary - reconfiguring dovecot (/etc/dovecot/conf.d/10-ssl.conf) to use the same X509 cert as I use for postfix solved the problem. I can now both send and receive with K9 without having to reload and re-accept certs when switching from sending to receiving (and vice versa).
My thanks to Steve for pointing out the post at
http://code.google.com/p/k9mail/issues/detail?id=3716
where one of the K9 project members said:
"the problem is that your imaps and your smtps certifcate don't match. we store the certs with their CN. So if the CN is the same but the cert is different we get a problem.
The fix is complexe and breaks backward compability so we can't apply it. I know this does not sound good :/ there is some missing feature which is an blocker on this issue, but i can't give you an timetable when this missing part is addressed.
I fear the only thing you can do about this is to change your smtps cert to be the same as your imaps cert."
My (ahem) excuse for not having solved this myself with a bit of searching is that I originally had the problem in late 2011 or early 2012. The fix in question only appears in September 2012 when I had long ceased using K9 (and so did not search further).
Although both my postfix and dovecot certs used the same configuration parameters (in particular the critical server name at CN), because I had generated them separately (at different times) the certificates and key files were totally different. Now that I point to the same file for both postfix and dovecot, I have no problems.
Mick
---------------------------------------------------------------------
Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net
---------------------------------------------------------------------