1441427 - Cannot Send Email - TBird 60 claims SMTP Server cert is invalid

Status: RESOLVED WORKSFORME

(Thunderbird :: Security, defect)

Description

[Mark Barnes [:WoofGrrrr]]

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
Build ID: 20180206200532

Steps to reproduce:

i tried to send an email

For over 10 years, my ISP's SMTP server has been smtp.1and1.com:587 




Actual results:

Thunderbird Daily 60.0a1 (2018-02-26 64-bit) claims that my ISP's SMTP Server's certificate is invalid.

This is the most-recent release of DAILY, installed yesterday.

It prevents me from sending outgoing email.

I get a dialog with the title "Add Security Exception". The dialog says that the site with location smtp.1and1.com:587 "attempts to identify itself with invalid information. " It also says "Unknown Identity" and "The certificate is not trusted because it hasn't been verified as issued by a trusted authority using a secure signature."

When I switch to the most-recent release of Thunderbird - 52.6.0 (32-bit), there is no such problem.



Expected results:

My email should have been sent with no problem

Comment 1

[Mark Barnes [:WoofGrrrr]]

This continues to be a problem with today's release of DAILY 60.0a1 (2018-02-27 64-bit)




GEE, it would be so nice if I could copy and paste the following info from the DAILY Certificate Viewer Dialog!!!

SSL Certificate Hierarchy:
thawte Primary Root CA
thawte SSL CA - G2
smtp.1and1.com

Serial Number: 5D:E6:0C:18:CE:F1:E6:9C:CE:5A:DD:58:3C:F4:5B:D4

Comment 2

[Jorg K (CEST = GMT+2)]

Difficult issue. Certificate handling in Thunderbird is mostly done by Mozilla core software (also used in Firefox). Apparently something has changed in this handling between TB 52 and TB 60.

Usually I recommend trying an equivalent case in Firefox. Maybe you could export the certificate and import it into FF to see what happens.

Comment 3

[Wayne Mery (:wsmwk)]

(In reply to Jorg K (GMT+1) from comment #2)
> Difficult issue. Certificate handling in Thunderbird is mostly done by
> Mozilla core software (also used in Firefox). Apparently something has
> changed in this handling between TB 52 and TB 60.
> 
> Usually I recommend trying an equivalent case in Firefox. Maybe you could
> export the certificate and import it into FF to see what happens.

Mark what are your results with this?

Comment 4

[Mark Barnes [:WoofGrrrr]]

I don't know how to so what you ask.  Also, how do I test the cert they use for SMTP, but from Firefox?

I finally just gave up and accepted the exception.

Comment 5

[Wayne Mery (:wsmwk)]

Mark,

How long before Feb 26 had you been using daily before reporting the bug?

Comment 6

[Wayne Mery (:wsmwk)]

(In reply to Mark Barnes from comment #4)
> I don't know how to so what you ask.

First see whether there is an import error in Firefox.
1. In Thunderbird, tools > options > advanced > certificates > manage certificates > pick the cert and do Export
2. In Firefox, tools > options > privacy > view certificates > pick Import

> Also, how do I test the cert they use for SMTP, but from Firefox?

Jorg, what did you have in mind?

Comment 7

[Jorg K (CEST = GMT+2)]

About what you said, export from TB, import in FF. I recently had a certificate error when the certificate was issued for gmx.com, but TB was configured to use gmx.es.

If the error is what you mentioned in comment #0, "The certificate is not trusted because it hasn't been verified as issued by a trusted authority using a secure signature.", then you really need to see who issued it. Any hints on Google with others at 1and1 having a similar problem?

Comment 8

[Mark Barnes [:WoofGrrrr]]

The problem was with Daily only.

I have just deleted the certificate exception, sent myself an email, and the problem no longer exists