1 files changed, 24 insertions, 5 deletions

diff --git a/src/leap/bitmask/services/mail/smtpbootstrapper.py b/src/leap/bitmask/services/mail/smtpbootstrapper.py
index cd871803..a577509e 100644
--- a/src/leap/bitmask/services/mail/smtpbootstrapper.py
+++ b/src/leap/bitmask/services/mail/smtpbootstrapper.py
@@ -18,6 +18,9 @@
 SMTP bootstrapping
 """
 import os
+import warnings
+
+from requests.exceptions import HTTPError
 
 from leap.bitmask.config.providerconfig import ProviderConfig
 from leap.bitmask.crypto.certs import download_client_cert
@@ -87,7 +90,7 @@ class SMTPBootstrapper(AbstractBootstrapper):
         logger.debug("Using hostname %s for SMTP" % (hostname,))
 
         client_cert_path = self._smtp_config.get_client_cert_path(
-            self._provider_config, about_to_download=True)
+            self._userid, self._provider_config, about_to_download=True)
 
         if not is_file(client_cert_path):
             # For re-download if something is wrong with the cert
@@ -99,9 +102,25 @@ class SMTPBootstrapper(AbstractBootstrapper):
                 check_and_fix_urw_only(client_cert_path)
                 return
 
-            download_client_cert(self._provider_config,
-                                 client_cert_path,
-                                 self._session)
+            try:
+                download_client_cert(self._provider_config,
+                                     client_cert_path,
+                                     self._session, kind="smtp")
+            except HTTPError as exc:
+                if exc.message.startswith('403 Client Error'):
+                    logger.debug(
+                        'Auth problem downloading smtp certificate... '
+                        'It might be a provider problem, will try '
+                        'fetching from vpn pool')
+                    warnings.warn(
+                        'Compatibility hack for platform 0.7 not fully '
+                        'supporting smtp certificates. Will be deprecated in '
+                        'bitmask 0.10')
+                    download_client_cert(self._provider_config,
+                                         client_cert_path,
+                                         self._session, kind="vpn")
+                else:
+                    raise
 
     def _start_smtp_service(self):
         """
@@ -117,7 +136,7 @@ class SMTPBootstrapper(AbstractBootstrapper):
         host = hosts[hostname][self.IP_KEY].encode("utf-8")
         port = hosts[hostname][self.PORT_KEY]
         client_cert_path = self._smtp_config.get_client_cert_path(
-            self._provider_config, about_to_download=True)
+            self._userid, self._provider_config, about_to_download=True)
 
         from leap.mail.smtp import setup_smtp_gateway