Open Bug 437685 Opened 17 years ago Updated 16 years ago

Select SSL client certificate in mail/news account configuration

Categories

(SeaMonkey :: MailNews: Account Configuration, enhancement)

Product:
SeaMonkey
Component:
MailNews: Account Configuration
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

People

(Reporter: nelson, Unassigned)

References

(Blocks 1 open bug)

Details

The configuration for each email/news account in SeaMonkey should include a selection of which certificate to send to the server when the server requests that the client authenticate itself with an SSL client certificate. The choices should include: - choose automatically, every time (default) - ask me every time - Send no certificate (do not authenticate with a certificate) - Use this certificate [ list box of usable SSL client certs ] There are numerous bugs getting a bunch of activity recently, complaining that when their IMAPS, SMTPS or POP3S server requests that their MUA authenticate itself to the server using an SSL client certificate, the client silently responds with some cert that the server subsequently rejects. The result is that the user is unable to use the IMAPS, SMTPS or POP3S account until he either a) deletes his SSL client certificate, so that it is no longer available to be automatically chosen by SeaMonkey, or b) selects "ask me every time" (This may only be an option in SeaMonkey, and not in Thunderbird, I'm not sure). Apparently, many users whose mail servers request SSL client certificate authentication do not implement SSL session caching correctly, with the result that their server requests client authentication on EVERY connection from the MUA. For a user who has selected "ask me every time" the frequency of the cert selection dialogs makes his MUA unusable. The solution to these problems is to give the user the ability to configure each account, one time, with his choice of certificate (including the choice NONE) to be sent every time that server asks for that account. Ideally, one solution would fit both Thunderbird and SeaMonkey. I filed RFE bug 437683 for Thunderbird. I am filing this bug for SeaMonkey because I suspect that the "front end" work for SeaMonkey will be separate from that done for Thunderbird. I will add the numbers of related bug to the list of bugs depending on this one.
Consider this : 2 mail accounts, 2 SMTP servers, each accepting SSL connections with authentication based on SSL certificate. Both certificates installed in TB, but there is no way in the UI to associate a certificate to a server connection. Consequently, only one account works, the other fails authentication because the wrong certificate is used. Apparently TB uses the first one it finds in the list (?) but unsure. Please reconsider priorities on this one. Note : problem is not Linux specific.
Andrei, This bug is for SeaMonkey. If your request is for Thunderbird, please add your comment to bug 437683.
You need to log in before you can comment on or make changes to this bug.