Custom CA cert store for self-signed certificates

[GoogleCodeExporter]

I have made a patch against latest build which upgrade kcaldav to use the
latest version of libcaldav since the lastest version of libcaldav is
introducing a major API change.

After applying the patch the configuration dialog remains to be upgrade to
take advantage of the new features in libcaldav.

1) Disable verification of peer certificate (self signed, unknown issuer etc)
2) Apply a different cacert store than the default

Also debugging or not should be configurable

regards,
Michael - upstream developer of libcaldav.

Original issue reported on code.google.com by mirtat...@gmail.com on 30 Mar 2010 at 1:11

[GoogleCodeExporter]

The patch provided as attached file. It requires latest source from subversion.

Original comment by mirtat...@gmail.com on 30 Mar 2010 at 8:49

Attachments:

• add_lastest_version_of_libcaldav.patch
• libcaldav-0.5.0.tar.gz

[GoogleCodeExporter]

Disregard add_lastest_version_of_libcaldav.patch and use this instead. It also
contains fixes for the CMake build script so that it will compile on KDE-4.x

Original comment by mirtat...@gmail.com on 30 Mar 2010 at 1:55

Attachments:

• add_lastest_version_of_libcaldav-1.patch

[GoogleCodeExporter]

Here is a patch which extends the config dialog so that users can enter a custom
CAcert Store instead of the system default. Also a checkbox is added allowing 
users
to choose whether Peer certificates should be verified or not - eg. self sign
certificates. Settings of course are on a per resource basis. This patch 
requires
newest version af libcaldav from subversion.

Original comment by mirtat...@gmail.com on 1 Apr 2010 at 10:05

Attachments:

• modify_configure_dialog_to_enable_extra_settings.patch

[GoogleCodeExporter]

Original comment by kumaran....@gmail.com on 14 Jun 2010 at 11:37

• Changed title: Custom CA cert store
• Added labels: Type-Enhancement
• Removed labels: Type-Defect

[GoogleCodeExporter]

Issue 18 has been merged into this issue.

Original comment by kumaran....@gmail.com on 14 Jun 2010 at 11:39

[GoogleCodeExporter]

Original comment by kumaran....@gmail.com on 14 Jun 2010 at 11:39

• Changed title: Custom CA cert store for self-signed certificates

[GoogleCodeExporter]

Would it be possible to have a new version of the patch issued or have it 
rolled into 1.1.0? I love this project but I'm using Davmail to translate 
Exchange for my android phone and I need SSL in place for secure IMAP.

Original comment by cmch...@gmail.com on 14 Oct 2010 at 2:18

[GoogleCodeExporter]

I would like to vote for the resolution of this issue, if possible. We have 
setup a sogo calendar server in my workplace and kontact/korganizer, which is 
my preferred PIM, does not support the server's self-signed certificates. This 
is getting me to reconsider migrating my 5.8Gb mail store to 
thunderbird+lightning.

Original comment by joao.cal...@gmail.com on 12 Nov 2010 at 2:58

[GoogleCodeExporter]

I updated mirtattoo's patch to work against release 1.2.0.

In the course, I had to extend the included patch for libcaldav-0.6.2 because 
libcaldav ignored the actual settings. These extra changes should eventually 
find their way into libcaldav and I will query the developers about it.

Original comment by elwe...@gmail.com on 21 Dec 2010 at 2:32

Attachments:

• kcaldav-1.2.0-allow_skipping_ssl_certificate_verification.patch

[GoogleCodeExporter]

With the kcaldav-1.2.0-allow_skipping_ssl_certificate_verification.patch and 
the tips in issue 20 I was able to get the google calendar. However, I am still 
unable to save it since I get the following error:

Error while saving blabla_cal.
Unknown error, code: -2, message: Peer certificate cannot be authenticated with 
known CA certificates.

Any ideas?

Original comment by octav...@gmail.com on 6 Jan 2011 at 3:55

[GoogleCodeExporter]

As a temporal workaround, just add the server's SSL certificate into 
/etc/ssl/certs/ca-certificates.crt .

Original comment by Ivan.Llo...@gmail.com on 27 May 2011 at 10:31