Software Security Device + digital certificate == botched access to SSL IMAP

RESOLVED WORKSFORME

Status

Thunderbird
General
RESOLVED WORKSFORME
13 years ago
11 years ago

People

(Reporter: ltwally, Assigned: Scott MacGregor)

Tracking

x86
Windows XP

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

13 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050328 Firefox/1.0.2 (MOOX M2)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050328 Firefox/1.0.2

Accessing IMAP folders fails if SSL is enabled while a digital certificate is
installed.  If SSL is disabled, or the digital certificate is removed, things
are fine.

The following happens when both SSL is enabled and a digital certificate is
installed:  On launch, Thunderbird asks for the master password for the Software
Security Device (SSD).  If I enter the password for the SSD, then Thunderbird
produces an alert ("Error establishing an encrypted connection to *****.  Error
Code: -12195.") and will fail to be able to make an SSL IMAP connection.  If I
do NOT enter a password for the SSD, and instead hit the Cancel button
repeatedly, I will eventually be asked for the password for my IMAP server (once
entered, it will remember, so this only happens once) and thereafter I can
access my IMAP folders via SSL.

This problem re-occurs each and every time Thunderbird is launched, so long as a
digital cert is installed and SSL IMAP is enabled.

The digital certificate password, email-account password, and SSD password are
all different passwords.  If the email-account password and SSD password are the
same, yet a different error occurs.

Specifically, my SSL IMAP server is Runbox (secure.runbox.com:993), and my
digital certificate is the free email cert provided by Thawte (www.thawte.com).

I am running Thunderbird 1.0.2 (20050328) on Windows XP Professional (Build
2600.xpsp_sp2.rtm.040803-2158 : Service Pack 2).

I have not installed Mozilla to verify if it is a problem there as well.  This
problem is reproducable on a new account with Thunderbird.

Reproducible: Always

Steps to Reproduce:
1. Set up an IMAP account and enable SSL.
2. Install a digital certificate, and give yourself a SSD password if requested.
3. Close thunderbird, and re-launch the program.  Problem occurs at this stage.

Actual Results:  
The exact details are outlined above.

Expected Results:  
The software should not require you to enter the password for the SSD to be able
to make a SSL IMAP connection when a digital certificate is installed.

When sending email over SMTP, a digital certificate can be installed and TLS/SSL
can be enabled without any problem.  The same should be true of SSL IMAP.

Comment 1

13 years ago
(In reply to comment #0)
This bug seems to be the same: #257182

Comment 2

13 years ago
see also Bug 257182 and Bug 290787 
This is an automated message, with ID "auto-resolve01".

This bug has had no comments for a long time. Statistically, we have found that
bug reports that have not been confirmed by a second user after three months are
highly unlikely to be the source of a fix to the code.

While your input is very important to us, our resources are limited and so we
are asking for your help in focussing our efforts. If you can still reproduce
this problem in the latest version of the product (see below for how to obtain a
copy) or, for feature requests, if it's not present in the latest version and
you still believe we should implement it, please visit the URL of this bug
(given at the top of this mail) and add a comment to that effect, giving more
reproduction information if you have it.

If it is not a problem any longer, you need take no action. If this bug is not
changed in any way in the next two weeks, it will be automatically resolved.
Thank you for your help in this matter.

The latest beta releases can be obtained from:
Firefox:     http://www.mozilla.org/projects/firefox/
Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html
Seamonkey:   http://www.mozilla.org/projects/seamonkey/

Comment 4

13 years ago
The bug seems still to be there. When having installed a certificate for
encrypting and signing mails (in my case thawte) this seems to interfere with
server certificates and no ssl connection to an IMAP server is possible.
http://forums.mozillazine.org/viewtopic.php?p=1714927#1714927 shows that this
problem occurs for some people.

Comment 5

13 years ago
*** Bug 302088 has been marked as a duplicate of this bug. ***

Comment 6

13 years ago
Looks like I have filed similar bug at https://bugzilla.mozilla.org/show_bug.cgi?id=327001
For a temporary solution see https://bugzilla.mozilla.org/show_bug.cgi?id=327001#c2
(Reporter)

Comment 7

13 years ago
Thunderbird 1.5 apparently fixed this bug.  I can now have a digital certificate installed and use SSL IMAP.

Whomever fixed this, thank you very much.
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → FIXED

Updated

13 years ago
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

Comment 8

13 years ago
Only bugs fixed by known code checkins get marked as fixed.
Status: REOPENED → RESOLVED
Last Resolved: 13 years ago13 years ago
Resolution: --- → WORKSFORME
(Reporter)

Comment 9

13 years ago
There are other people wanting a digital certificate to be used to login to an imap server... 

But that is not what this particular bug entry was for (as I am the original bug reporter).

This was a bug about the combination of digital cert + SSL IMAP resulting in failed IMAP connections.  This is resolved; I can now connect to my SSL IMAP server with a digital certificate installed for signing/encrypting messages.

BUG FIXED.
Resolution: WORKSFORME → FIXED

Comment 10

11 years ago
WORKSFORME is the correct closure. see
 http://developer.mozilla.org/en/docs/What_to_do_and_what_not_to_do_in_Bugzilla#Resolving_bugs_as_FIXED
 https://bugzilla.mozilla.org/page.cgi?id=fields.html#resolution
 
if you can cite the patch which fixed it, please do so and change this to FIXED
Resolution: FIXED → WORKSFORME
Version: unspecified → 1.0
You need to log in before you can comment on or make changes to this bug.