Closed Bug 398534 Opened 13 years ago Closed 13 years ago

Can't log anymore into IMAP/SSL (or SMTP/SSL) servers having a bad certificate: no way to add an exception

Categories

(Core :: Security: PSM, defect)

defect
Not set
major

Tracking

()

RESOLVED DUPLICATE of bug 399043

People

(Reporter: sgautherie, Assigned: KaiE)

Details

(Keywords: regression)

Attachments

(1 obsolete file)

[Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a9pre) Gecko/2007100303 SeaMonkey/2.0a1pre] (nightly) (W2Ksp4)

I used to get
[
Website Certified by an Unknown Authority
...
You are connected to a site pretending to be *, {...}
]

I can accept the certificate or not :-)


[Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a9pre) Gecko/2007100402 SeaMonkey/2.0a1pre] (nightly) (W2Ksp4)

Now, I get
[
Alert
...
(sec_error_ca_cert_invalid)
]

I can only press OK ... = No way to log in :-(

I'm guessing this is a regression caused by "2007-10-03 04:52 / kaie%kuix.de / Bug 327181" !?
Flags: blocking1.9?
I have a patch in bug 387480
  (named: Non-Web Patch v2)
that can be used as a workaround.

I hope to get reviews soon.

You might want to read bug 387480.
Depends on: 387480
To explain more: It's not a regression.

Rejecting the connection by default is intended, because that server uses an untrusted security certificate.
(In reply to comment #1)
> You might want to read bug 387480.

Let me read ... bug 387480 comment 74 (only).
Then ... the current bug would be a dependent/duplicate of bug 387480 ("Non-Web Patch v2") ? And not related to bug 327181 ?

(In reply to comment #2)
> It's not a regression.

I disagree: being unable to access mail server is a (user/tester point of view) regression :-(
Yet, I agree that it is temporary only and needs/will be fixed :-)
Summary: Can't log into <mail.cashkado.com:993> (IMAP/SSL) anymore → Can't log anymore into IMAP/SSL servers having a bad certificate
(In reply to comment #3)
> And not related to bug 327181 ?

Forget this question: you already wrote "with the
landing of bug 327181, the use of servers with bad certs is completely
impossible" in bug 387480 :->
(In reply to comment #3)
> (In reply to comment #2)
> > It's not a regression.
> 
> I disagree: being unable to access mail server is a (user/tester point of view)
> regression :-(

It's not a regression, because "blocking by default without a click-though option" is now by design.

I can agree that's a regression in functionality, because for mail server protocols, we don't have a workaround/override possibility yet. This is the intention of "Non-Web Patch v2" in bug 387480.
This makes it impossible to use Mozilla based browsers from behind a Webwasher proxy, with the SSL scanner enabled, unless the Webwasher certificate is in the Trusted root certificate list.
Depends on: 399043
No longer depends on: 387480
bug 387480 is already blocking.
Flags: blocking1.9? → blocking1.9-
I checked in a fix for bug 399043.

With tomorrow's nightly builds, you should be able to use the "add exception" UI available in "certificate manager" (servers) to add an exception rule for your server.

The current workaround requires, that before you try to add the workaround, you must have attempted to connect to your mail server and have recently seen the failure in the current sessions.

Please comment here if this works for you. Thanks.
No longer depends on: 399043
See bug 399043 comment 7.

Let's R.Duplicate this one.
No longer blocks: https-error-pages
Status: NEW → RESOLVED
Closed: 13 years ago
OS: Windows 2000 → All
Hardware: PC → All
Resolution: --- → DUPLICATE
Summary: Can't log anymore into IMAP/SSL servers having a bad certificate → Can't log anymore into IMAP/SSL (or SMTP/SSL) servers having a bad certificate: no way to add an exception
Duplicate of bug: 399043
Attachment #584264 - Attachment is obsolete: true
(In reply to Metan from comment #10)
> Created attachment 584264 [details]
> 7567567

Probable malware.  Do not load or try to view this attachment.
Attachment #584264 - Attachment description: 7567567 → 7567567 [Probable malware: Don't run me!]
Attachment #584264 - Attachment filename: firefox.exe → firefox.exe__DontRunMe!
You need to log in before you can comment on or make changes to this bug.