Closed Bug 362737 Opened 18 years ago Closed 18 years ago

Permanently allow Domain Name Mismatch for secure IMAP

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 228684

People

(Reporter: pander, Assigned: dveditz)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1) Gecko/20060601 Firefox/2.0 (Ubuntu-edgy)
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1) Gecko/20060601 Firefox/2.0 (Ubuntu-edgy)

When connecting with secure IMAP (SSL over port 993) to an IMAP host that has a certificate for host name "cc.dd", but you are connecting to a secondary host name "aa.bb", this will work but you will get the following error each time Thunderbird is started:


Security Error: Domain Name Mismatch

You have attempted to establish a connection with
"aa.bb". However, the security certificate presented
belongs to "dd.cc". It is possible, though unlikely, that
someone may be trying to intercept your communication with
this web site.

If you suspect the certificate shown does not belong to
""aa.bb", please cancel the connection and notify the
site administrator.

[View Certificate]   [Cancel] [OK]


I would like to request a change so that the buttons are replaced with

[View Certificate]   [Cancel] [Accept once] [Accept permanently]

With [Accept once] doing the same as the current [OK], and the [Accept permanently] accepting this Domain Name Mismatch permanently.

Implementing this will allow Thunderbird to be more user friendly.

Reproducible: Always

Steps to Reproduce:
1. Connect to secure IMAP (e.g. uw-IMAPd) over SSL but use a secondary host name, not the one for which the certificate has been generated for.
2. This will result in a Security Error: Domain Name Mismatch
Actual Results:  
Each time Thunderbird is started, it asks to accept this Security Error: Domain Name Mismatch

Expected Results:  
Thunderbird should offer the possibility to accept this indefinitely.

Optionally this setting should be displayed and be able to be edited in Certificate Manager in the Web Sites tab. This could be third column next to the already existing Certificate Name and Purposes. The field could be called Domain Name Mismatch and the values could be 'confirm startup' (default), 'allowed indefinitely'.
Version: unspecified → 1.5

*** This bug has been marked as a duplicate of 228684 ***
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.