213132 - domain mismatch warning window cannot be ignored

Status: RESOLVED DUPLICATE of bug 205677

(MailNews Core :: Security, defect)

Description

[ds]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4b) Gecko/20030516 Mozilla Firebird/0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4b) Gecko/20030516 Mozilla Firebird/0.6

When connecting to an IMAP or POP server through SSL, you are warned if the
domain name stated on the security certificate does not match the domain you are
using to connect to the mail server every time.

Reproducible: Always

Steps to Reproduce:
1. Set up an account with an SSL-enabled IMAP or POP3 server
2. The server should use a certificate with a mismatched domain name
3. Connect

Actual Results:  
The warning is not removable, and must be viewed every time the mailnews client
is started.

Expected Results:  
This is by design, but there is no option to ignore the warning in the future.
This should be allowed (with ample warning of the security risk) because in some
cases it is inavoidable. In my case, I am using paid shared hosting. The mail
server is for all clients on the server, but each client has his own
mail.domain.name.  I trust the authenticity of the connection, so I should be
able to ignore it in the future.

Also, it would be best to only forgo the warning in the future if the SAME
mismatched domain is detected in the cert. (i.e. if the mismatched domain
suddenly changes again--warn again, with the option of ignoring it 
for good until another change)

Occures in 1.4 milestone MailNews and latest Thunderbird.

Comment 1

[Matthias Versen [:Matti]]

don't use SSL at all. There is no difference if you ignore this warning or if
you don't use SSL

*** This bug has been marked as a duplicate of 205677 ***