Closed Bug 1180590 Opened 9 years ago Closed 9 years ago

Can't use self signed certificates on Firefox OS email

Categories

(Firefox OS Graveyard :: Gaia::E-Mail, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 874346

People

(Reporter: sole, Unassigned)

Details

(Keywords: DevAdvocacy)

I am trying to set up my self-hosted email but I can't finish the process because the system won't accept self-signed certificates. All other clients I've used so far will allow for this exception: Thunderbird and Mail.app on desktop, K-9, Gmail, Mail on Android. For example, in Thunderbird it will let me know that this certificate is "invalid", let me see it and allow me to "Confirm this exception" permanently if I want to.

To make matters worse, the message I am given on the screen when I go to the manual setup form and enter all my (correct) details is: "Unable to establish a secure connection with mail.example.com. There may be a problem with your network or the server".

But there is absolutely no problem with the network or the server.

If I pull the logs using ADB this is what is actually happening:

I/Gecko   (29207): [ImapClient] normalized-error  {"error":{"name":"SecurityUntrustedCertificateIssuerError","message":""},"errorName":"SecurityUntrustedCertificateIssuerError","errorMessage":"","socketLevelError":"bad-security","protocolLevelError":null,"reportAs":"bad-security"}
I/Gecko   (29207): [ImapClient] connect-error  {"error":"bad-security"}
I/Gecko   (29207): [ImapClient] normalized-error  {"error":"bad-security","socketLevelError":"bad-security","reportAs":"bad-security"}
I/Gecko   (29207): [SmtpClient] analyzed-error  {"rawError":{"name":"SecurityUntrustedCertificateIssuerError","message":""},"rawErrorName":"SecurityUntrustedCertificateIssuerError","rawErrorMessage":"","normalizedError":"bad-security","errorName":"SecurityUntrustedCertificateIssuerError","errorMessage":"","wasSending":false}
I/Gecko   (29207): [SmtpClient] connect-error  {"error":"bad-security","connInfo":{"emailAddress":"email@example.com","hostname":"mail.example.com","port":"465","crypto":"ssl"}}
I/Gecko   (29207): [SmtpClient] analyzed-error  {"rawError":"bad-security","normalizedError":"bad-security","wasSending":false}
I/Gecko   (29207): [SmtpProber] error  {"error":"bad-security","connInfo":{"emailAddress":"email@example.com","hostname":"mail.example.com","port":"465","crypto":"ssl"}}

(Note: I've replaced my server and my email by example.com addresses)

So in the interest of not leaving users in a state of bewilderment, I suggest we start by showing the *actual error* while we implement the ability to use self-signed certificates.

Summary: Can't use self signed certificates → Can't use self signed certificates on Firefox OS email

Bug 874346 tracks this issue and the "user story" section has some background on it. In short, it is really best for these certificates to be registered with gecko/b2g, so some work needs to be done to surface a UI for adding self-signed certs.

Since the email app just relies on what gecko tells us when we try to connect, the granularity of the error is just limited to what mozTCPSocket reports. I can see the solution that would allow adding self-signed certificates would also just be the better error message replacement. However, that likely means some changes in gecko or b2g to get to that solution.

There are some workarounds mentioned in the "user story" section that might help in the meantime.

Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
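
As an added example (not code from this bug or from the Gaia project): a small Node.js script that reads the logcat lines quoted in the report and shows, per client, the specific error name next to the collapsed value that was reported upward. The function names and the `detailLost` field are assumptions of this example.

```javascript
// Log lines copied from the report above, plus one constructed line of noise.
const SAMPLE_LOG = [
  'I/Gecko   (29207): [ImapClient] normalized-error  {"error":{"name":"SecurityUntrustedCertificateIssuerError","message":""},"errorName":"SecurityUntrustedCertificateIssuerError","errorMessage":"","socketLevelError":"bad-security","protocolLevelError":null,"reportAs":"bad-security"}',
  'I/Gecko   (29207): [ImapClient] connect-error  {"error":"bad-security"}',
  'I/Gecko   (29207): [SmtpClient] analyzed-error  {"rawError":{"name":"SecurityUntrustedCertificateIssuerError","message":""},"rawErrorName":"SecurityUntrustedCertificateIssuerError","rawErrorMessage":"","normalizedError":"bad-security","errorName":"SecurityUntrustedCertificateIssuerError","errorMessage":"","wasSending":false}',
  'I/Gecko   (29207): [SmtpClient] connect-error  {"error":"bad-security","connInfo":{"emailAddress":"email@example.com","hostname":"mail.example.com","port":"465","crypto":"ssl"}}',
  'I/Gecko   (29207): constructed line that is not an e-mail client event',
].join('\n');

const LINE_RE = /^[A-Z]\/Gecko\s*\(\s*\d+\):\s*\[(\w+)\]\s+([\w-]+)\s+(\{.*\})\s*$/;

// Split one logcat line into component, event and JSON payload; null if it is not one.
function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  try {
    return { component: m[1], event: m[2], payload: JSON.parse(m[3]) };
  } catch (e) {
    return null; // truncated or non-JSON payload
  }
}

// The specific name survives only in these fields; a string "error" is already collapsed.
function rawErrorName(p) {
  const candidates = [p.errorName, p.rawErrorName, p.error && p.error.name, p.rawError && p.rawError.name];
  return candidates.find((c) => typeof c === 'string' && c.length > 0) || null;
}

// Per component: what was reported upward versus what the socket layer actually said.
function triage(logText) {
  const byComponent = {};
  for (const line of logText.split('\n')) {
    const rec = parseLine(line);
    if (!rec) continue;
    const p = rec.payload;
    const entry = byComponent[rec.component] ||
      (byComponent[rec.component] = { rawError: null, reportedAs: null, endpoint: null });
    entry.rawError = entry.rawError || rawErrorName(p);
    entry.reportedAs = entry.reportedAs || p.reportAs || p.normalizedError ||
      (typeof p.error === 'string' ? p.error : null);
    if (p.connInfo) entry.endpoint = `${p.connInfo.hostname}:${p.connInfo.port}`;
  }
  for (const e of Object.values(byComponent)) {
    e.detailLost = Boolean(e.rawError) && e.rawError !== e.reportedAs;
  }
  return byComponent;
}

console.log(JSON.stringify(triage(SAMPLE_LOG), null, 2));
```
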