Closed Bug 1893899 Opened 18 days ago Closed 15 days ago

Getting messages by changing folder won't work if there's a certificate error

Categories

(Thunderbird :: General, defect)

Product:
Thunderbird
Component:
General
Type:
defect

Tracking

(thunderbird_esr115 wontfix)

Status:
RESOLVED FIXED
Milestone:
127 Branch
Tracking Flags:
Tracking Status
thunderbird_esr115 --- wontfix

People

(Reporter: darktrojan, Assigned: darktrojan)

References

(Regressed 2 open bugs)

Details

Attachments

(1 file)

Bug 1893899 - Improve notifications about certificate errors when fetching mail. r=#thunderbird-reviewers
48 bytes, text/x-phabricator-request
Details | Review

Opening a folder causes Thunderbird to connect to the server and check for new messages. This isn't working if there is a certificate error. When I wrote a test for getting messages with a certificate error, it only checks what happens if you click the Get Messages button, which works.

At least in the IMAP case, we're correctly setting the failed security info on the URL for URL listeners to pick up later, but there are no listeners.

(Edit: There is a listener, but it's just the folder being updated. Which helps nobody.)

I've decided that just showing the "add certificate exception" dialog when a cert error is encountered isn't such a great idea. It encourages users to add exceptions, which makes them less safe. Especially in the case of a MITM attack, which looks and feels exactly the same as other certificate errors. (We should change that.)

Instead we should show an alert notification, just like we do for other connection errors, which then opens the exception dialog if it's clicked on. I will admit that part of the reason to do this is because it's much easier to implement. That said it's still taken me a large chunk of today.

That is indeed the way to go! (And the way it was the way it was.)

  • Changes the behaviour when a certificate error is encountered. Instead of just showing the
    certificate override dialog box, show a notification which opens the dialog if it is clicked on.
  • Uses a different notification text depending on the type of error. Domain mismatch (potential
    man-in-the-middle) errors will not show the certificate override dialog at all.
  • Surfaces errors that appear from changing the displayed folder. Previously these just silently failed.
  • Tests all of the above.
status-thunderbird_esr115: --- → wontfix
Keywords: checkin-needed-tb
Target Milestone: --- → 127 Branch

Pushed by geoff@darktrojan.net:
https://hg.mozilla.org/comm-central/rev/8cd02a28e621
Improve notifications about certificate errors when fetching mail. r=aleca

Status: ASSIGNED → RESOLVED
Closed: 15 days ago
Keywords: checkin-needed-tb
Resolution: --- → FIXED
Regressions: 1894672
Regressions: 1894772
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: