Closed
Bug 516653
Opened 15 years ago
Closed 1 month ago
Yahoo's POP3S mail server misconfigured for client certificate authentication
Categories
(Tech Evangelism Graveyard :: Other, defect)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: Usul, Unassigned)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
2.62 KB,
text/plain
|
Details |
While trying to set up a new Yahoo pop account an issue occured while verifying the certificate on the server. Either we miss something in our cert chain or Yahoo's emails servers are miss-configured. As we provide ssl config by default , all our users willing to read yahoo mail will choke on this. Attaching the log I got using OpenSSL and putting Nelson in cc as my knowledge of certs is limited. I'm pretty sure this is not the right component to put the bug in - but it's the best place under Thunderbird
Comment 1•15 years ago
|
||
There are a number of problems here, but I'm pretty sure that the problem is NOT that thunderbird fails to verify the server's certificate. The openssl program's successes and failures at verifying a host's certificate have absolutely nothing to do with Thunderbird's successes or failures at that. The real problem has not been reported here. There are at least two possible reasons for that, which include: 1) Thunderbird reported a precise error code and/or error string, which was not copied down into this bug report, or 2) (More likely, IMO) Thunderbird ignored the specific error code reported by NSS, and simply told the user that "an issue" occurred, without any details whatsoever about what issue it was. Now, even though the actual error code was not reported here, There's a pretty good chance that this bug is another slightly-different manifestation of these other bugs that involve SSL and Yahoo's mail servers: bug 313012 Secure SSL communication problem to IMAP server when using certificate bug 437683 Select SSL client certificate in account/identity configuration bug 456590 Yahoo and AT&T SMTP SSL change fails with Thunderbird bug 456593 Yahoo and AT&T POP SSL change causes bad behavior with Thunderbird I predict this bug will get fixed no more (or less) quickly than those others.
Reporter | ||
Comment 2•15 years ago
|
||
(In reply to comment #1) > 1) Thunderbird reported a precise error code and/or error string, which was > not copied down into this bug report, or Peer does not recognize and trust the CA that issued your certificate. Error code : ssl_error_unknown_ca_alert. Which according to http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html is -12195 > 2) (More likely, IMO) Thunderbird ignored the specific error code reported > by NSS, and simply told the user that "an issue" occurred, without any details > whatsoever about what issue it was. > > Now, even though the actual error code was not reported here, There's a pretty > good chance that this bug is another slightly-different manifestation of these > other bugs that involve SSL and Yahoo's mail servers: > > bug 313012 > Secure SSL communication problem to IMAP server when using certificate Indeed same issue as https://bugzilla.mozilla.org/show_bug.cgi?id=313012#c6 > I predict this bug will get fixed no more (or less) quickly than those others. sorry again for not providing the error message in the first place.
Reporter | ||
Comment 3•15 years ago
|
||
Adding roland so he knows the issue when we release 3.0
Updated•15 years ago
|
Assignee: nobody → other
Component: Security → Other
Product: Thunderbird → Tech Evangelism
QA Contact: thunderbird → other
Summary: Yahoo's email cert can't be verified by thunderbird → Yahoo's POP3S mail server misconfigured for client certificate authentication
Version: Trunk → unspecified
Updated•9 years ago
|
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•