From: Carl Erberg
To: Commons Users List
Date: Thu, 10 Oct 2013 10:55:18 +0200
Subject: Re: [email] TLS not verified properly (security issue)

Hi Thomas,

thanks for your help and pointing out

System.setProperty("javax.net.debug", "all");

I found out that I had two problems:

a) I had the key for that CA added to my Debian system some time ago, so the validation which I expected to fail did not. I just didn't remember. Stupid me.

b) I used the gnu javamail implementation. This one still does not complain, even when I remove my CA from the system via "dpkg-reconfigure ca-certificates".

Now I use the jar from https://java.net/projects/javamail/pages/Home and everything works as it should (i.e. I get an error when the CA is removed).

Could you test your example with the gnu javamail? I would be interested if my CA is still stored in some other keystore used by gnu javamail or if gnu javamail has a problem.

Thanks
Carl