Support Server Name Indication (SNI) #3296
K-9 should use Server Name Indication to send the name of the server it is connecting to, so the server knows to send the correct certificate. So when I connect to mail.kingqueen.org.uk, K-9 tells the server it is connecting to mail.kingqueen.org.uk and the server then sends K-9 the SSL certificate for mail.kingqueen.org.uk. (The server serves as the MX for multiple domains, all on the same IP.)
K-9 appears to not supply the server name. The server therefore reverts to its default certificate and supplies the certificate for server3.pcs-net.com. K-9 then advises that the certificate does not match the server name, unless I change the server set in K-9 from mail.kingqueen.org.uk to server3.pcs-net.com or manually accept the certificate in K-9.
Steps to reproduce
Attempt to send or retrieve mail over TLS using a FQDN hosted on a server that uses SNI to support multiple domain names.
Given depletion of IPv4 addresses, this issue is likely to affect more users over time.
I see references to SNI in the source code in two places, but they don't appear to relate to K-9's use of such for mail transfer and I couldn't find any reference to SNI in GitHub issues.
K-9 Mail version 5.403
Android version: 7.1.1
Account type (IMAP, POP3, WebDAV/Exchange):