Closed
Bug 398534
Opened 17 years ago
Closed 17 years ago
Can't log anymore into IMAP/SSL (or SMTP/SSL) servers having a bad certificate: no way to add an exception
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
DUPLICATE
of bug 399043
People
(Reporter: sgautherie, Assigned: KaiE)
Details
(Keywords: regression)
Attachments
(1 obsolete file)
[Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a9pre) Gecko/2007100303 SeaMonkey/2.0a1pre] (nightly) (W2Ksp4) I used to get [ Website Certified by an Unknown Authority ... You are connected to a site pretending to be *, {...} ] I can accept the certificate or not :-) [Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a9pre) Gecko/2007100402 SeaMonkey/2.0a1pre] (nightly) (W2Ksp4) Now, I get [ Alert ... (sec_error_ca_cert_invalid) ] I can only press OK ... = No way to log in :-( I'm guessing this is a regression caused by "2007-10-03 04:52 / kaie%kuix.de / Bug 327181" !?
Flags: blocking1.9?
Assignee | ||
Comment 1•17 years ago
|
||
I have a patch in bug 387480 (named: Non-Web Patch v2) that can be used as a workaround. I hope to get reviews soon. You might want to read bug 387480.
Depends on: 387480
Assignee | ||
Comment 2•17 years ago
|
||
To explain more: It's not a regression. Rejecting the connection by default is intended, because that server uses an untrusted security certificate.
Reporter | ||
Comment 3•17 years ago
|
||
(In reply to comment #1) > You might want to read bug 387480. Let me read ... bug 387480 comment 74 (only). Then ... the current bug would be a dependent/duplicate of bug 387480 ("Non-Web Patch v2") ? And not related to bug 327181 ? (In reply to comment #2) > It's not a regression. I disagree: being unable to access mail server is a (user/tester point of view) regression :-( Yet, I agree that it is temporary only and needs/will be fixed :-)
Summary: Can't log into <mail.cashkado.com:993> (IMAP/SSL) anymore → Can't log anymore into IMAP/SSL servers having a bad certificate
Reporter | ||
Comment 4•17 years ago
|
||
(In reply to comment #3) > And not related to bug 327181 ? Forget this question: you already wrote "with the landing of bug 327181, the use of servers with bad certs is completely impossible" in bug 387480 :->
Assignee | ||
Comment 5•17 years ago
|
||
(In reply to comment #3) > (In reply to comment #2) > > It's not a regression. > > I disagree: being unable to access mail server is a (user/tester point of view) > regression :-( It's not a regression, because "blocking by default without a click-though option" is now by design. I can agree that's a regression in functionality, because for mail server protocols, we don't have a workaround/override possibility yet. This is the intention of "Non-Web Patch v2" in bug 387480.
Comment 6•17 years ago
|
||
This makes it impossible to use Mozilla based browsers from behind a Webwasher proxy, with the SSL scanner enabled, unless the Webwasher certificate is in the Trusted root certificate list.
Assignee | ||
Comment 8•17 years ago
|
||
I checked in a fix for bug 399043. With tomorrow's nightly builds, you should be able to use the "add exception" UI available in "certificate manager" (servers) to add an exception rule for your server. The current workaround requires, that before you try to add the workaround, you must have attempted to connect to your mail server and have recently seen the failure in the current sessions. Please comment here if this works for you. Thanks.
Reporter | ||
Comment 9•17 years ago
|
||
See bug 399043 comment 7. Let's R.Duplicate this one.
No longer blocks: https-error-pages
Status: NEW → RESOLVED
Closed: 17 years ago
OS: Windows 2000 → All
Hardware: PC → All
Resolution: --- → DUPLICATE
Summary: Can't log anymore into IMAP/SSL servers having a bad certificate → Can't log anymore into IMAP/SSL (or SMTP/SSL) servers having a bad certificate: no way to add an exception
Comment 10•13 years ago
|
||
Updated•13 years ago
|
Attachment #584264 -
Attachment is obsolete: true
Comment 11•13 years ago
|
||
(In reply to Metan from comment #10) > Created attachment 584264 [details] > 7567567 Probable malware. Do not load or try to view this attachment.
Reporter | ||
Updated•13 years ago
|
Attachment #584264 -
Attachment description: 7567567 → 7567567
[Probable malware: Don't run me!]
Attachment #584264 -
Attachment filename: firefox.exe → firefox.exe__DontRunMe!
You need to log in
before you can comment on or make changes to this bug.
Description
•