Account Setup shows multiple Invalid SSL Cert warnings for email domain (different from configured mail server)
Categories
(Thunderbird :: Account Manager, defect)
Tracking
(Not tracked)
People
(Reporter: kevin, Unassigned)
References
(Regression)
Details
(Keywords: regression)
Attachments
(1 file)
|
4.32 KB,
application/x-yaml
|
Details |
With Thunderbird Daily build 20221003095526, after completing the Account Setup wizard for an email address where the domain in the email address does not have a valid SSL certificate (but the configured mail server does) multiple (1, then 6 more in my tests) "Add Security Exception" for invalid SSL certificate dialog boxes are shown for the email domain. Steps to reproduce:
- Start Thunderbird using a new profile.
- Enter an email address where the domain does not have a valid SSL certificate. (I used klocke@bookanomic.com with IMAP server mail.kevinlocke.name)
- Press Done. Observe the "Add Security Exception" dialog box appears for the email domain (bookanomic.com in my test).
- Press Cancel. Observe 6 more "Add Security Exception" dialog boxes appear for the email domain (bookanomic.com in my test).
I bisected the issue to pushlog https://hg.mozilla.org/comm-central/pushloghtml?fromchange=4998d4d1b4f8e39f5d3e6b9f6abcb0dbef305c94&tochange=e482bbf11ffd77fe33b6a6ece87056bd5f5a1f6d suggesting it was regressed by Bug 1769493.
The improvements planned in Bug 1744319 may be related or relevant to this issue.
|
Reporter | |
Updated•3 years ago
|
|
||
Comment 1•3 years ago
|
||
If I cancel in when the dialog appears in step 3, I don't get any further dialogs.
|
|
Reporter | |
Comment 2•3 years ago
|
||
(In reply to Magnus Melin [:mkmelin] from comment #1)
If I cancel in when the dialog appears in step 3, I don't get any further dialogs.
I can confirm the additional 6 dialogs appear on Windows in addition to my original testing on Linux. Any ideas what mioght be causing the difference or how I could help you reproduce the behavior? Would you like me to create an IMAP account on bookanomic.com for you to test? If so, how can I send you the credentials.
|
|
||
Comment 3•3 years ago
|
||
Obviously I didn't have a password, so just left that blank. Can you confirm with that?
If still needed, please send me test account details to mkmelin at thunderbird.net
|
|
Reporter | |
Comment 4•3 years ago
|
||
(In reply to Magnus Melin [:mkmelin] from comment #3)
Obviously I didn't have a password, so just left that blank. Can you confirm with that?
Good thought. I'm able to reproduce the issue by completing Account Setup with a blank password using the following information:
| Field | Value |
|---|---|
| Your full name | Test |
| Email address | test@bookanomic.com |
| Password | |
| Protocol | IMAP |
| Hostname | mail.kevinlocke.name |
| Port | 143 |
| Connection security | STARTTLS |
| Authentication method | Normal password |
| Username | test |
Let me know if there's anything else I can do to help reproduce the issue, or more information I can provide.
|
|
Reporter | |
Comment 5•3 years ago
|
||
Thanks for mentioning Bug 1792470, I missed that one. For what it's worth, the server I'm using for testing (mail.kevinlocke.name/bookanomic.com) is running Radicale too.
|
|
||
Comment 6•3 years ago
|
||
Tried it again with the steps from comment 4. I only got one dialog, accepted the exception and everything seemed to work as it should.
|
|
||
Comment 7•3 years ago
|
||
Possible interference from firewall / antivirus?
|
|
Reporter | |
Comment 8•3 years ago
|
||
Apologies for my slow reply.
(In reply to Magnus Melin [:mkmelin] from comment #6)
Tried it again with the steps from comment 4. I only got one dialog, accepted the exception and everything seemed to work as it should.
Can you confirm that you declined the security exception (i.e. pressed "Cancel"), rather than accepted (i.e. pressed "Confirm Security Exception") in step 4 from comment 4? I do not see additional dialogs after accepting the exception, only after declining.
Also, to be clear, I think a single security exception prompt for a domain the user did not configure is also a bug, although I can understand the rationale. Let me know it would be worth opening a separate bug for that issue.
(In reply to Magnus Melin [:mkmelin] from comment #7)
Possible interference from firewall / antivirus?
I think that is unlikely, since I've been able to reproduce the issue on multiple hosts with different OSes in different environments without any third-party antivirus or firewall products.
Given the apparent difficulty of reproducing this issue, I'm attaching the Ansible playbook I've used to reproduce the issue on a fresh Debian Bullseye (11.5) host. If you'd like access to the host to investigate, please send me an SSH public key (e.g. via email to kevin@kevinlocke.name).
|
|
||
Comment 9•3 years ago
•
|
||
If I press Cancel, then I at least now get multiple dialogs yes.
I guess the first one is for mail, but the other ones for calendar and address book (which may not have been detected prior to bug 1769493)?
|
|
Reporter | |
Comment 10•3 years ago
|
||
(In reply to Magnus Melin [:mkmelin] from comment #9)
I guess the first one is for mail, but the other ones for calendar and address book (which may not have been detected prior to bug 1769493)?
CalDAV and CardDAV detection makes sense to me. Perhaps there are 6 because 3 attempts are made for each? I don't understand why TB would attempt to connect to a server other than the configured incoming and outgoing servers for mail though.
Description
•