Open
Bug 1151264
Opened 9 years ago
Updated 2 years ago
OCSP validation failure results in very misleading error message
Categories
(MailNews Core :: Networking: IMAP, defect)
Tracking
(Not tracked)
UNCONFIRMED
People
(Reporter: oskar, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0 Build ID: 20150326190726 Steps to reproduce: Thunderbird gave me the following error when trying to fetch mail: "The IMAP server XYZ does not support the selected authentication method. Please change the 'Authentication method' in the 'Account Settings | Server settings'." In my IMAP server (dovecot) I could see the following being logged: dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=<ip>, lip=<ip>, TLS, session=<...> I use a StartCom SSL free certificate, and it turns out they have issues with their OCSP server. Firefox gave me this error when browsing to a site with the same certificate: "The OCSP server has no status for the certificate. (Error code: sec_error_ocsp_unknown_cert)" It would be useful if Thunderbird could give the same kind of error message. Actual results: (see above) Expected results: (see above)
Reporter | ||
Comment 1•9 years ago
|
||
I should also add, disabling OCSP fixes the issue, so this bug is only about the actual error message being (somewhat) misleading.
The message seems to be produced at http://mxr.mozilla.org/comm-central/source/mailnews/imap/src/nsImapProtocol.cpp#8368 . I am not sure we have enough information what exactly failed at that spot.
Component: Untriaged → Networking: IMAP
Product: Thunderbird → MailNews Core
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•