Re: [Evolution] Problems with evo: Error writing data to TLS socket: The specified session has been invalidated for some reason.

[Svante Signell <svante signell gmail com>]

On Sat, Mar 16, 2019 at 11:22 AM Pete Biggs <pete biggs org uk> wrote:

> [imapx:*] Failed to open a new connection, while having 0 opened, with error: Error reading data from TLS socket: The specified session has been invalidated for some reason.; will limit connections: no
>

Have you done any searches on that error?

http://lmgtfy.com/?q=Error+reading+data+from+TLS+socket%3A+The+specified+session+has+been+invalidated+for+some+reason

Yes I have. Did not find anything useful.

It is specifically not an Evolution error, it's something that is
returned by GnuTLS when, presumably, the session connection doesn't
work.  Looking at the various solutions for *other applications* it is
most often to do with bad certificates.

How dependent on systemd and network-manager is evolution?

The fact that it's still an issue when you "downgrade" Evolution shows
that it's something to do with your environment and nothing to do with
Evolution.  Lots and lots of people use Gmail with Evolution without
any issues.

I've been doing that too, and still are on other boxes. But have problems on this one.

(BTW, downgrading Evolution is a dangerous thing to do - there are
occasionally updates to the storage locations and formats that make
things not backward compatible.)

Ok, upgrading again. It was an upgrade of qemu made on 28 Feb that broke evo for me. I can find

which packages were upgraded then. The list is rather long.

Milan gave you some gnutls-cli commands to try. All you said was that
they worked, could you check again that the certificate chain is
sensible - there are probably two certificates - the "Google Internet
Authority" one and a Globalsign trusted certificate.

Yes, there are two certificates:

 Processed 173 CA certificate(s).
Resolving 'imap.gmail.com:993'...
Connecting to '64.233.161.108:993'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
 - subject `CN=imap.gmail.com,O=Google LLC,L=Mountain View,ST=California,C=US', issuer `CN=Google Internet Authority G3,O=Google Trust Services,C=US', serial 0x735716c43f288586b84681b4a34d4fa5, RSA key 2048 bits, signed using RSA-SHA256, activated `2019-03-01 09:31:19 UTC', expires `2019-05-24 09:24:00 UTC', pin-sha256="fNTKxpz0X+p5V8OxvvKfcJGoqkQvTT0KxNo5oaFeaO4="
    Public Key ID:
        sha1:7b80754e0d38a1c7621949fd7688977690ab0d72
        sha256:7cd4cac69cf45fea7957c3b1bef29f7091a8aa442f4d3d0ac4da39a1a15e68ee
    Public Key PIN:
        pin-sha256:fNTKxpz0X+p5V8OxvvKfcJGoqkQvTT0KxNo5oaFeaO4=

- Certificate[1] info:
 - subject `CN=Google Internet Authority G3,O=Google Trust Services,C=US', issuer `CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2', serial 0x01e3a9301cfc7206383f9a531d, RSA key 2048 bits, signed using RSA-SHA256, activated `2017-06-15 00:00:42 UTC', expires `2021-12-15 00:00:42 UTC', pin-sha256="f8NnEFZxQ4ExFOhSN7EiFWtiudZQVD2oY60uauV/n78="
- Status: The certificate is trusted.
- Description: (TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
- Options:
- Handshake was completed

- Simple Client Mode:

* OK Gimap ready for requests from 2.248.159.26 x18mb271852591ljc
^C

Since the Google certificate is properly signed, Evolution shouldn't
need to care about it, but just in case look in the Evo certificate
cache (Edit -> Preferences -> Certificates -> Mail).  If there are any
Google, gmail, googlemail certificates in there you should probably
delete them.

Empty list!

Finally, if all else fails, create a new Linux user account and try and
configure Evolution there so you start with a clean configuration.
That will tell you if the underlying problem is with your
machine/network or with the account config.

I did already up test by creating a new email account. The setup was smooth,

all needed data was found by contacting google.