Open Bug 1761946 Opened 3 years ago Updated 5 months ago

Expired client certificate for account silently stops fetching mail (cert override dialog only pops up for explicit action)

Categories

(Thunderbird :: Security, defect)

Thunderbird 91
defect

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: thijs, Unassigned)

References

Details

Steps to reproduce:

  1. Configure an email account to use an X.509 client certificate to authenticate to the mailserver.
  2. Let it expire

Actual results:

Thunderbird silently no longer fetches new mails for this account but does not present any kind of error or notice that there's a problem. It just looks like there's no new mail.

Expected results:

Pop up a notice/warning: could not fetch mail for account "x", x.509 client certificate expired, please renew it"

In case it matters, this is on MacOS 12.3.

If you click "Get messages" it will tell you.

Maybe bug 1764770 is related.

This is still the case on 110.0b4.

As for comment 2, this is not the case and clicking "Get messages" also silently does not get messages and does not tell you anything.

(In reply to Magnus Melin [:mkmelin] from comment #2)

If you click "Get messages" it will tell you.

This is true, and this error message should pop out by itself!

If someone is able to point me more or less where in the code I should give a look ad try to wire this behavior..

Ps. Confirmed still happens on 102.7 and 102.9

I don't think we want to make it too easy for a potential attacker. Say you are an attacker, if we keep popping up such a message you'd easily wain the user down to accepting it.

(In reply to Magnus Melin [:mkmelin] from comment #7)

I don't think we want to make it too easy for a potential attacker. Say you are an attacker, if we keep popping up such a message you'd easily wain the user down to accepting it.

It's not about accepting it. It's about reporting that connecting failed. Now you just get no new mail without any feedback that no connection could have been made to the mailserver.

It's btw also reproducible by not setting a client certificate at all and configuring a mailserver that requires it. Mail fetching fails silently without any indication what/something's wrong. It's reproducible in 115 beta 3.

Summary: Expired client certificate for account silently stops fetching mail → Expired client certificate for account silently stops fetching mail (cert override dialog only pops up for explicit action)
Duplicate of this bug: 1904150
You need to log in before you can comment on or make changes to this bug.