Seamonkey 2.53.5 could not successfully store self-signed certificates
Categories: SeaMonkey :: Security, defect
Tracking: Not tracked
People: Reporter: tahir, Unassigned
Attachments: 2 files
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Steps to reproduce:
1. I have started mail/news.
2. I have clicked on an IMAP folder. The related server has a self-signed certificate unknown to SeaMonkey.
3. A security dialog appears. It mentions that the authentication method is not correct (it is indeed correct). It asks for permanently storing the self-signed certificate.
4. I click to permanently store the self-signed certificate.
5. The dialog disappears as if storage has succeeded, but the IMAP connection cannot be established.
6. If checked at that stage, the certificate store includes an [unknown] certificate, which seems like it has been stored. However, it cannot be exported or viewed, but could be deleted. After the deletion, the issue remains if you start over from #1.
7. If you continue to repeat #1 to #6, the security dialog shown on #3 gets larger at each iteration and exceeds the screen size.
Actual results:
The certificate could not be stored.
Expected results:
It should be stored and be effective during connections.
I've been testing against my own self-signed IMAP certificate for a Dovecot server running on Fedora. The IMAP server settings in SeaMonkey are set to SSL/TLS connection security on port 993 with authentication method set to "Normal Password".
On first connection I am prompted whether I want to permanently store the exception and confirm the security exception. It then lets me get new messages. The certificate is listed in Manage Certificates and is viewable/exportable. I've not had any problems with connecting.
What AV software do you have installed?
My environment is a regular 64-bit Win 10. No additional antivirus apart from Microsoft's own Defender.
One difference could be my IMAP settings on SeaMonkey:
It is set to STARTTLS connection security on port 993 (not on the default 143) with authentication method set to Normal Password.
I believe it is mostly relevant to importing a new certificate exception over another. Let me test if it is reproducible for importing a new certificate exception for a previously unknown domain.
For 2.53.5.1, certificate exceptions have been imported, both from scratch and over an existing certificate exception.
However, view/export still seems problematic. I attach my experience.