Closed Bug 355303 Opened 18 years ago Closed 15 years ago

"Website Certified by an Unknown Authority" dialog loops when choosing "Accept this certificate permanently"

Categories

(Thunderbird :: Security, defect)

x86
Windows XP
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: min.guo, Unassigned)

Details

(Whiteboard: [closeme 2009-09-25])

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Build Identifier: Thunderbird 1.5.0.7 (Windows/20060909)

In Thunderbird when attempting to connect to an IMAP server that has an SSL certificate not created by a well-known CA, you get the "Website Certified by an Unknown Authority" dialog, with the usual options of "Accept this certificate permanently", temporarily, or don't connect at all.

If you choose the "Accept permanently" option and click OK, the dialog box simply reappears. It only goes away for good if you choose the "Accept temporarily" option.

For what it's worth, I don't know if this bug is for all SSL certificates, or only for unknown CAs - but the certificate that has caused this problem for me is also subject to a "security error: domain name mismatch" dialog after I click on the "accept temporarily" option. I don't know if any other certificate causes this bug. Nor do I know if it is specific to IMAP because I have no means to test this.

Reproducible: Always

Steps to Reproduce:
1. Create a self-signed certificate and put it on an IMAP server
2. Create an account in Thunderbird to connect to this server. Ensure that SSL connection is used (in my config, I don't have SSL authentication selected but don't know if this affects the reproduceability)
3. Now close Thunderbird. Re-open, and click on one of the IMAP folders in the account just set up. 

Actual Results:  
You get the dialog box, and even if you choose "Accept permanently" it just reappears after you click OK.

Expected Results:  
Dialog box to go away permanently and certificate to be permanently remembered.
Also happens on Seamonkey 2006121901 on Linux with SSL POP3.
Assignee: mscott → nobody
Reporter, Can you confirm whether this problem is gone, or still exists on a current version of thunderbird?  

We are working to help old bugs move along, so your comment will be helpful.
Whiteboard: revisit 2008-12-18
Unfortunately I no longer have access to the server that allowed me to test this bug, so can't confirm whether it still exists in the latest release.
Reporter any news for this bug?
Whiteboard: revisit 2008-12-18 → [revisit 2008-12-18][closeme 2009-09-25]
Component: Mail Window Front End → Security
QA Contact: front-end → thunderbird
Whiteboard: [revisit 2008-12-18][closeme 2009-09-25] → [closeme 2009-09-25]
we've redone this stuff in 3.0 so I would expect it's all different. And we have existing bugs on this, e.g., 493980 - I'll close this one as incomplete.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.