Clicking "confirm security exception" triggers error, cannot fetch mail
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
People
(Reporter: jberkus, Unassigned)
Details
Attachments
(1 file)
|
51.33 KB,
image/png
|
Details |
Screenshot from 2021-02-16 21-11-45.png
I'm using Thunderbird 78.7.0, in a Flatpak, on Fedora Silverblue 34.
When trying to set up a secure email connection to a sever with a self-signed certificate, I cannot confirm the SSL security exception. The Confirm Security Exception dialog pops up, but clicking "Confirm Security Exception" just triggers an error in the console, and the dialog box doesn't go away, and mail is never retrieved.
I retrieved mail from this same server for years using Thunderbird 68, and never encountered this issue. However, it now happens whether I use an imported profile (which already has the security exception) or create a new profile (which has an empty cert_override file).
Note that clicking "Get Certificate" also causes the dialog to hang forever.
The error is follows. I am looking for (a) a workaround to let me retrieve my mail (maybe by disabling cert checking entirely) and (b) to solve the issue. The issue is 100% reproducable. I'm happy to try upgrading if I can get a Flatpak of a later version. Thanks!
Uncaught
Exception
columnNumber: 0
data: null
filename: "chrome://pippki/content/exceptionDialog.js"
lineNumber: 156
location: XPCWrappedNative_NoHelper { QueryInterface: QueryInterface(), filename: Getter, name: Getter, … }
message: "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIURI.port]"
name: "NS_ERROR_FAILURE"
result: 2147500037
stack: "getURI@chrome://pippki/content/exceptionDialog.js:156:7\naddException@chrome://pippki/content/exceptionDialog.js:386:13\n_fireButtonEvent@chrome://global/content/elements/dialog.js:487:19\n_doButtonCommand@chrome://global/content/elements/dialog.js:466:29\n_handleButtonCommand@chrome://global/content/elements/dialog.js:460:19\nInformUserOfCertError@chrome://messenger/content/mailWindow.js:685:10\nOnStopRunningUrl@chrome://messenger/content/mailWindowOverlay.js:2940:30\n"
<prototype>: ExceptionPrototype { toString: toString(), name: Getter, message: Getter, … }
exceptionDialog.js:156
|
Reporter | |
Comment 1•4 years ago
•
|
||
A big part of the problem seems to be that Thunderbird identifies the certificate as "mail.corp.redhat.com:993" when the certificate is "mail.corp.redhat.com". The certificate at "mail.corp.redhat.com" retrieves fine, and verifies fine. But the additon of ":993" to it seems to be messing everything up.
|
|
Reporter | |
Comment 2•4 years ago
•
|
||
comment removed, superceded
|
|
Reporter | |
Comment 3•4 years ago
|
||
FOUND workaround, so please just keep this open for solving the eventual bug.
Here's the workaround:
- Preferences-->General-->Config Editor
- Add new string network.security.ports.banned.override with the value of "993" (or whatever the broken port number is)
- Preferences-->Security-->Certificates-->Manage Certificates-->Servers
- Add Exception
- Type https://mail.corp.redhat.com:993 into the cert field
- Get Certificate
- Click "confirm security exception"
I can now download mail. This also confirms that TB appending :993 to the name of the cert it's seeking is the source of the issue.
|
|
Reporter | |
Comment 4•4 years ago
|
||
For some reason, the above workaround does NOT work for port 587 and secure SMTP
|
|
Reporter | |
Comment 5•3 months ago
|
||
Closing, since I cannot verify that this is still a problem in current TB.
Description
•