Closed Bug 274356 Opened 20 years ago Closed 20 years ago

Boring popup on ssl certificates

Categories

(Thunderbird :: General, defect)

Product:
Thunderbird
Component:
General
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 205677

People

(Reporter: morpheu5, Assigned: mscott)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

When I check the mail via a ssl pop3 server, I always get a popup informing me
about some inconsistences in the certificate (something about server ownership
of the certificate).

Reproducible: Always
Steps to Reproduce:
See Details
Actual Results:  
See Details

Expected Results:  
See Details
yes, and where is the bug ?
Fix the certificate !
(In reply to comment #1)
> yes, and where is the bug ?
> Fix the certificate !

I can't because there's only one qmail server for several domain names. I mean,
I can have mail.domain1.com, mail.domain2.com etc served by the same machine, I
think it can't be done to have a certificate for every domain. I mean, the
certificate is only needed to grant that the connection is not intercepted by
other hosts and I explicitly accepted it once, why have Thunderbird to worry
again about it?
don't discuss, just ask the right "question" the next time:..

something like :
"I want to permanently disable a domain mismatch warning"

*** This bug has been marked as a duplicate of 205677 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
The real solution is for the server to get a certificate that contains 
ALL the domain names that it serves.  It it serves as the POP server 
for 10 domains, then it should have all 10 of those DNS names in the cert.
Then you won't see any any warnings.

Without the host name mismatch warning, your browser is vulnerable to 
a large set of attacks, so the solution is not to disable the warning.
The browser is properly warning you about a cert that doesn't name the
host you asked to visit.  The solution is for the host to get a cert
that has its name in it.
You need to log in before you can comment on or make changes to this bug.