Closed Bug 1778464 Opened 2 years ago Closed 2 years ago

POP3 Certificate Error for self-signed after Upgrade from TB 91 to TB 102

Categories

(MailNews Core :: Networking: POP, defect)

Product:
MailNews Core
Component:
Networking: POP
Version:
Thunderbird 102
Type:
defect

Tracking

(thunderbird_esr102+ fixed, thunderbird103 affected)

Status:
RESOLVED FIXED
Milestone:
104 Branch
Tracking Flags:
Tracking Status
thunderbird_esr102 + fixed
thunderbird103 --- affected

People

(Reporter: fernm, Assigned: rnons)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: regression)

Attachments

(3 files)

Error Console when trying to fetch
124.36 KB, image/png
Details
POP3 account server setting
46.21 KB, image/png
Details
Bug 1778464 - Support self-signed certificates in pop3-js. r=#thunderbird-reviewers
48 bytes, text/x-phabricator-request
wsmwk
: approval-comm-esr102+
Details | Review

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0

Steps to reproduce:

Try to fetch mail from POP3 account

Actual results:

Error occurs, no mails fetched.

Please tell how I can assist you in further debugging.

This is the pop3 server certificate:

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ac:fb:55:89:d9:76:f2:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: OU = POP3 server, CN = regen.heimnetz.zone, emailAddress = user@regen.heimnetz.zone
Validity
Not Before: Dec 12 17:30:09 2015 GMT
Not After : Dec 9 17:30:09 2025 GMT
Subject: OU = POP3 server, CN = regen.heimnetz.zone, emailAddress = user@regen.heimnetz.zone
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (1024 bit)
Modulus:
00:ba:fc:db:87:cf:47:c4:f7:fc:58:87:ce:55:cf:
[...]
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape Cert Type:
SSL Server
Signature Algorithm: sha256WithRSAEncryption
5b:46:c0:8a:21:c8:80:83:0e:1e:68:9a:c7:10:9d:6f:eb:6a:
[...]

Expected results:

Mails fetched.

POP3-Server (Dovecot 2.3.18) says:

dovecot[1210]: pop3-login: Disconnected: Connection closed: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=192.168.1.10, lip=192.168.1.1, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<ritsojTj1MnAqAEK>

Fetching with the POP3 account with TB 91 and all versions before worked for years, after Update to TB 102 now I get this error message and it does not work anymore.

Exact version with this issue: TB 102.0.1

I have the above mentioned self signed server certificate in the TB server certificate store.

BTW would be good if failure to fetch POP3 mails would result in a user interface error message popup.
Right now, I only recognized the failure because I was missing mails.

Blocks: tb102found

Thanks for reporting, will make a fix soon.

Pass urlListener to Pop3Client before connecting, to receive failedSecInfo.

Assignee: nobody → remotenonsense
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
status-thunderbird_esr102: --- → affected
Keywords: regression
Regressed by: pop3-js
status-thunderbird103: --- → affected
tracking-thunderbird_esr102: --- → +
Keywords: checkin-needed-tb
Summary: POP3 Certificate Error after Upgrade from TB 91 to TB 102 → POP3 Certificate Error for self-signed after Upgrade from TB 91 to TB 102
Target Milestone: --- → 104 Branch

Pushed by geoff@darktrojan.net:
https://hg.mozilla.org/comm-central/rev/d89c7e2f1253
Support self-signed certificates in pop3-js. r=#thunderbird-reviewers

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Keywords: checkin-needed-tb
Resolution: --- → FIXED

Comment on attachment 9284642 [details]
Bug 1778464 - Support self-signed certificates in pop3-js. r=#thunderbird-reviewers

[Approval Request Comment]
Regression caused by (bug #): bug 1707548
User impact if declined: Self signed certificates don't work with pop3-js
Testing completed (on c-c, etc.): c-c
Risk to taking this patch (and alternatives if risky): low

Attachment #9284642 - Flags: approval-comm-beta?

Will this be fixed in TB 102? With todays update to 102.0.3 the issue is still.

(In reply to Arvidt from comment #9)

Will this be fixed in TB 102? With todays update to 102.0.3 the issue is still.

Yes, we need to land the patch to 104beta first, then I will uplift to 102esr.

Comment on attachment 9284642 [details]
Bug 1778464 - Support self-signed certificates in pop3-js. r=#thunderbird-reviewers

[Approval Request Comment]
Regression caused by (bug #): bug 1707548
User impact if declined: Self signed certificates don't work with pop3-js
Testing completed (on c-c, etc.): beta
Risk to taking this patch (and alternatives if risky): low

Attachment #9284642 - Flags: approval-comm-beta? → approval-comm-esr102?

Comment on attachment 9284642 [details]
Bug 1778464 - Support self-signed certificates in pop3-js. r=#thunderbird-reviewers

[Triage Comment]
Approved for esr102

Attachment #9284642 - Flags: approval-comm-esr102? → approval-comm-esr102+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: