Open Bug 1061605 Opened 10 years ago Updated 2 years ago

Silent fail with expired SSL certificate on OS X

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Version:
31 Branch
Platform:
x86
macOS
Type:
defect

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: ich, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36

Steps to reproduce:

I have a mailserver configured with StartTLS and our ssl certificate has expired. I then try to fetch mails from this mailserver.


Actual results:

Thunderbird gets stuck at "Checking mailserver capabilities" (roughly translated from german, it says "Überprüfe Funktionsumfang des Mailservers"). No error message appears, no e-mails can be fetched.


Expected results:

1. Tell me that the certificate has expired
2. Ask me to ignore it or to add a security exception for this certificate
3. Either way: fetch mails
Does setting security.use_mozillapkix_verification to false help?

Can you provide server details?
Component: Untriaged → Security
The setting does help. The problem exists also on thunderbird 31 for linux.

What kind of server details do you need?
Mail server name should be sufficient.
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.