Closed Bug 1893899 Opened 2 months ago Closed 2 months ago

Getting messages by changing folder won't work if there's a certificate error


(Thunderbird :: General, defect)



(thunderbird_esr115 wontfix)

127 Branch
Tracking Status
thunderbird_esr115 --- wontfix


(Reporter: darktrojan, Assigned: darktrojan)


(Regressed 2 open bugs)



(1 file)

Opening a folder causes Thunderbird to connect to the server and check for new messages. This isn't working if there is a certificate error. When I wrote a test for getting messages with a certificate error, it only checks what happens if you click the Get Messages button, which works.

At least in the IMAP case, we're correctly setting the failed security info on the URL for URL listeners to pick up later, but there are no listeners.

(Edit: There is a listener, but it's just the folder being updated. Which helps nobody.)

I've decided that just showing the "add certificate exception" dialog when a cert error is encountered isn't such a great idea. It encourages users to add exceptions, which makes them less safe. Especially in the case of a MITM attack, which looks and feels exactly the same as other certificate errors. (We should change that.)

Instead we should show an alert notification, just like we do for other connection errors, which then opens the exception dialog if it's clicked on. I will admit that part of the reason to do this is because it's much easier to implement. That said it's still taken me a large chunk of today.

That is indeed the way to go! (And the way it was the way it was.)

  • Changes the behaviour when a certificate error is encountered. Instead of just showing the
    certificate override dialog box, show a notification which opens the dialog if it is clicked on.
  • Uses a different notification text depending on the type of error. Domain mismatch (potential
    man-in-the-middle) errors will not show the certificate override dialog at all.
  • Surfaces errors that appear from changing the displayed folder. Previously these just silently failed.
  • Tests all of the above.
Target Milestone: --- → 127 Branch

Pushed by
Improve notifications about certificate errors when fetching mail. r=aleca

Closed: 2 months ago
Resolution: --- → FIXED
Regressions: 1894672
Regressions: 1894772
Regressions: 1903135
You need to log in before you can comment on or make changes to this bug.