"Website Certified by an Unknown Authority" dialog loops when choosing "Accept this certificate permanently"

RESOLVED INCOMPLETE

Status

Thunderbird
Security
RESOLVED INCOMPLETE
11 years ago
9 years ago

People

(Reporter: min.guo, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [closeme 2009-09-25])

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Build Identifier: Thunderbird 1.5.0.7 (Windows/20060909)

In Thunderbird when attempting to connect to an IMAP server that has an SSL certificate not created by a well-known CA, you get the "Website Certified by an Unknown Authority" dialog, with the usual options of "Accept this certificate permanently", temporarily, or don't connect at all.

If you choose the "Accept permanently" option and click OK, the dialog box simply reappears. It only goes away for good if you choose the "Accept temporarily" option.

For what it's worth, I don't know if this bug is for all SSL certificates, or only for unknown CAs - but the certificate that has caused this problem for me is also subject to a "security error: domain name mismatch" dialog after I click on the "accept temporarily" option. I don't know if any other certificate causes this bug. Nor do I know if it is specific to IMAP because I have no means to test this.

Reproducible: Always

Steps to Reproduce:
1. Create a self-signed certificate and put it on an IMAP server
2. Create an account in Thunderbird to connect to this server. Ensure that SSL connection is used (in my config, I don't have SSL authentication selected but don't know if this affects the reproduceability)
3. Now close Thunderbird. Re-open, and click on one of the IMAP folders in the account just set up. 

Actual Results:  
You get the dialog box, and even if you choose "Accept permanently" it just reappears after you click OK.

Expected Results:  
Dialog box to go away permanently and certificate to be permanently remembered.

Comment 1

11 years ago
Also happens on Seamonkey 2006121901 on Linux with SSL POP3.

Updated

10 years ago
Assignee: mscott → nobody

Comment 2

9 years ago
Reporter, Can you confirm whether this problem is gone, or still exists on a current version of thunderbird?  

We are working to help old bugs move along, so your comment will be helpful.
Whiteboard: revisit 2008-12-18
(Reporter)

Comment 3

9 years ago
Unfortunately I no longer have access to the server that allowed me to test this bug, so can't confirm whether it still exists in the latest release.
Reporter any news for this bug?

Updated

9 years ago
Whiteboard: revisit 2008-12-18 → [revisit 2008-12-18][closeme 2009-09-25]
Component: Mail Window Front End → Security
QA Contact: front-end → thunderbird
Whiteboard: [revisit 2008-12-18][closeme 2009-09-25] → [closeme 2009-09-25]

Comment 5

9 years ago
we've redone this stuff in 3.0 so I would expect it's all different. And we have existing bugs on this, e.g., 493980 - I'll close this one as incomplete.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.