Open Bug 214605 Opened 21 years ago Updated 7 years ago

Can't see (SSL) certificate details in MailNews

Categories

(SeaMonkey :: MailNews: Message Display, enhancement)

Product:
SeaMonkey
Component:
MailNews: Message Display
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

People

(Reporter: aspam, Unassigned)

References

Details

(Keywords: helpwanted) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624

I always use secure IMAP and SMTP for my email.  As you know, taking a look at
the certificate used is an important part of a secure client.  Mozilla doesn't
appear to offer a way to do this in Mail.  If it's there it isn't obvious.

There's the little lock on the secure IMAP accounts, but clicking or
right-clicking doesn't offer to show the cert.  I'd suggest a golden padlock in
the lower left just like every web site.

Reproducible: Always

Steps to Reproduce:
View/Message Security Info ?
The certificate view icon is a pen in the header pane of the email you are
viewing. Clicking on it shows me the cert
I was unaware of that item, but it's not what I'm talking about.  I'm not
sending messages that are encrypted or cryptographically signed.  I'm connecting
to an IMAPS server and an SMTP server with STARTTLS.  "Message security info"
doesn't recognize or address connection security.

The message security options support end-to-end email security by sending
encrypted email messages.  I'm using plain, clear email messages but making a
secure connection to my mail server.

Connection-level security is plenty if you're trading confidential email with
others who use the same mail server and who also use connection-level security.
  It also eliminates one link that might be compromised.  

Mozilla fully supports this security and even puts a lock next to the account to
indicate it's enabled.  This is great; there's just no UI that I can find that
displays the details of the certificate.  This situation is technically the same
as a HTTPS connection, which is why I suggest the same UI.
*** Bug 225114 has been marked as a duplicate of this bug. ***
Kai, do you have an opinion about this issue? Do you want to confirm this bug?

IMHO this makes some sense. The padlock should show the certificate information
about the currently selected server when you click on it. I'm not sure what
should be shown when a MoveMail or "Local Folders" account is currently selected.
There are two different areas of security involved when working with mail and
mail servers.

IMHO, if the connection to the server is encrypted, that should not be a
sufficient criteria to display a secure lock. A secure lock in a browser window
means "all information from the other side to you was transported encrypted".
This is not true for mail, even if the connection to your own server is secure.
The mail probably traveled over insecure mail agents. Because of that, only for
encrypted messages we display a secure lock in the status bar.

I agree it would be nice to be able to view the certificate.
I suggest to either make it available on a right click menu over the locked mail
server icon shown in the server pane.

Confirming bug based on Kai's comment. There should be *some* way to see the
certificates used for the connection to the mail servers. So this is a valid
enhancement request. I think Kai is right that using a lock icon in the status
bar wouldn't be the right way to do this.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Product: Browser → Seamonkey
Assignee: sspitzer → mail
Assignee: mail → nobody
QA Contact: esther → message-display
MASS-CHANGE:
This bug report is registered in the SeaMonkey product, but has been without a comment since the inception of the SeaMonkey project. This means that it was logged against the old Mozilla suite and we cannot determine that it's still valid for the current SeaMonkey suite. Because of this, we are setting it to an UNCONFIRMED state.

If you can confirm that this report still applies to current SeaMonkey 2.x nightly builds, please set it back to the NEW state along with a comment on how you reproduced it on what Build ID, or if it's an enhancement request, why it's still worth implementing and in what way.
If you can confirm that the report doesn't apply to current SeaMonkey 2.x nightly builds, please set it to the appropriate RESOLVED state (WORKSFORME, INVALID, WONTFIX, or similar).
If no action happens within the next few months, we move this bug report to an EXPIRED state.

Query tag for this change: mass-UNCONFIRM-20090614
Status: NEW → UNCONFIRMED
MASS-CHANGE:
This bug report is registered in the SeaMonkey product, but still has no comment since the inception of the SeaMonkey project 5 years ago.

Because of this, we're resolving the bug as EXPIRED.

If you still can reproduce the bug on SeaMonkey 2 or otherwise think it's still valid, please REOPEN it and if it is a platform or toolkit issue, move it to the according component.

Query tag for this change: EXPIRED-20100420
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → EXPIRED
This is still valid and desperately needed!
Status: RESOLVED → UNCONFIRMED
Keywords: helpwanted
Resolution: EXPIRED → ---
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Can't see certificate details in MailNews → Can't see (SSL) certificate details in MailNews
Still a wanted feature after 13yrs.
Still needed. 
What are the hurdles to overcome? I think, these should be discussed here.
Can I vote for this, too? I'm switching server certs from traditional to Let's Encrypt and need to debug IMAP and SMTP server certificates to verify my server configuration. Thunderbird doesn't seem to be able to assure me of the security of the server connection. Are there workarounds or other tools?
@Yves Goergen: I think you can use telnet so open a secure connection to your mail server and read info about the certificates used. I think I've done d that before. I had found a tutorial about it. If I can find it again, I'll post a link here.

Hope that helps...
Have a look at the following links. They are using openssl to debug ssl connections:

https://www.novell.com/support/kb/doc.php?id=7014827

Or 

http://m.meinit.nl/debugging-ssl-connection

Good luck!

PS: Sorry, for the typos... Was typing on the run on the phone... ;)
I have this in my shell history, I don’t remember where I copied it from…

    echo | openssl s_client -connect example.net:443 | openssl x509 -noout -dates

The s_client command also accepts -starttls imap or -starttls smtp among other options.
You need to log in before you can comment on or make changes to this bug.