Closed Bug 1851793 Opened 2 years ago Closed 2 years ago

Non-overridable TLS error with an IMAP server using wildcard certificate

Categories

(Thunderbird :: Untriaged, defect)

Thunderbird 102
defect

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1840244

People

(Reporter: avamander, Unassigned)

Details

Steps to reproduce:

I've started up Stalwart (https://stalw.art) IMAP server and I'm trying to connect to it.

The server is configured to use a wildcard certificate from Let's Encrypt (using their Elliptic CA). It is confirmed valid by other software such as web browsers and OpenSSL s_client. The server supports TLSv1.2 and TLSv1.3.

So it seems that Thunderbird doesn't find the *.example.com certificate valid for imap.example.com, even though it is.

Actual results:

Thunderbird tries to connect to the IMAP server (port 993, TLS) and displays an error:

Non-overridable TLS error occurred. Handshake error or probably the TLS version or certificate used by server imap.example.com is incompatible.

Stalwart logs say utils::listener::listen: Failed to accept TLS connection: received fatal alert: BadCertificate context="tls" event="error".

Expected results:

Connection succeeds or a more detailed error message is displayed.
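
The wildcard claim in the report above (`*.example.com` covering `imap.example.com`) can be checked mechanically against a certificate's subjectAltName entries. This is an added example, not part of the original report or of Thunderbird's code; it follows the common reading of RFC 6125 section 6.4.3, and `SAMPLE_CERT` and the function names are constructed for illustration.

```python
# Added example: wildcard matching for a certificate's dNSName entries,
# following the common reading of RFC 6125 section 6.4.3.

def _labels(name):
    # Compare case-insensitively and ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def dns_name_matches(pattern, hostname):
    """True if one SAN dNSName pattern covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False  # '*' spans exactly one label, never zero or two
    if p[0] == "*":
        # The wildcard must be the whole left-most label and needs at least
        # two fixed labels to its right, so '*.com' is rejected.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Partial wildcards such as 'im*p.example.com' are rejected outright.
    return "*" not in pattern and p == h

def matching_sans(peer_cert, hostname):
    """Return the DNS SAN entries of a getpeercert()-style dict that cover hostname."""
    sans = [v for kind, v in peer_cert.get("subjectAltName", ()) if kind == "DNS"]
    return [s for s in sans if dns_name_matches(s, hostname)]

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
}

if __name__ == "__main__":
    hosts = ("imap.example.com", "example.com",
             "a.imap.example.com", "imap.example.org")
    for host in hosts:
        print(host, "->", matching_sans(SAMPLE_CERT, host) or "no match")
```

A name match is only one of the checks a TLS client performs on a server certificate, so a passing result here does not by itself explain or rule out a handshake failure.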

I'm improving the logging slightly in bug 1840244.
But, probably something is wrong with your cert (or setup).

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Duplicate of bug: 1840244
Resolution: --- → DUPLICATE