Closed Bug 523555 Opened 12 years ago Closed 12 years ago

Cannot add CalDAV calendar via HTTPS if server has invalid/self-signed certificate


(Calendar :: Lightning Only, defect)

Not set


(Not tracked)



(Reporter: m.duelli, Assigned: Fallen)



(Keywords: regression)


(2 files, 1 obsolete file)

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; de; rv: Gecko/20090824 Firefox/3.5.3
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; de; rv: Gecko/20090915 Lightning/1.0pre Thunderbird/3.0b4

This might not be limited to CalDAV, but any remote calendar server using an invalid HTTPS certificate.

Reproducible: Always

Steps to Reproduce:
1. Open "New Calendar" wizard
2. Choose "On the network", click next
3. Add a CalDAV calendar with an url from a server with a invalid certificate, click next
4. Add color and name, click next

Actual Results:  
An error message shows up telling you that the calendar could not be added due to a invalid certificate.

Expected Results:  
I expected that TB/Lightning asks me whether I want to trust the invalid certificate (as done with mail servers).

This should be asked (a) after entering the URL and clicking next or (b) after adding color and name and clicking next, at the latest.

A workaround for this is to open TBs certificate manager and manually import and trust the invalid certificate.
just got bitten by this too... 
really bad usability problem.  it took me nearly an hour before google showed me a work arround :(
someone with less computer knowledge would probably give up before. our sysad said "worked with TB2" so I guess it is a regression.
The same applies to Sunbird 1.0pre, worked fine with 0.9 -> regression
Ever confirmed: true
Flags: blocking-calendar1.0?
Keywords: regression
Duplicate of this bug: 535953
Summary: Cannot add CalDAV calendar via HTTPS if server has invalid certificate → Cannot add CalDAV calendar via HTTPS if server has invalid/self-signed certificate
OS: Linux → All
Hardware: x86 → All
I saw this problem for my existing remote calendars after upgrading from TB2 and Lightning 0.9.  I have a self signed certificate for the server hosting my ics files through webdav, which I just rebuilt (so it's a new certificate that I hadn't accepted in TB2 / Lightning 0.9).  I've upgraded to:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20100111 Lightning/1.0b1 Thunderbird/3.0.1

After the TB / Lightning upgrade, when it got to my https requests for my webdav ics files using the self-signed certificate, it told me it was unable to load them due to the self signed certificate.  I did not have the option to add an exception.  I'll add a screen shot shortly.

The workaround appears to have resolved this for me.
Attached patch Fix - v1 (obsolete) — — Splinter Review
We don't have a nsIBadCertListener2, so no dialog is shown. This patch takes care by adding it to our provider getInterfaces method.

Unfortunately the network request is still canceled, so the user still needs to reload remote calendars the first time a bad certificate is presented. To fix this I'd rather see a provider fix of some sort that decides if the request should be retried based on the error message (i.e don't notify an error or retry if the error is NS_ERROR_...OFFLINE..., auto-retry on NS_ERROR_...BAD_CERT...)
Assignee: nobody → philipp
Attachment #432200 - Flags: review?(Mozilla)
Flags: blocking-calendar1.0? → blocking-calendar1.0+
Attachment #432200 - Flags: review?(Mozilla) → review?(
Attached patch patch v2 — — Splinter Review
Debitrotted the patch and changed it so a refresh is done on the calendar if the user added the invalid certificate to his store.
Attachment #432200 - Attachment is obsolete: true
Attachment #434562 - Flags: review?(philipp)
Attachment #432200 - Flags: review?(
Attachment #434562 - Flags: review?(philipp) → review+
Comment on attachment 434562 [details] [diff] [review]
patch v2

Looks good, r=philipp
Pushed to comm-central <>
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → 1.0b2
(In reply to comment #9)
> Pushed to comm-central <>
> -> FIXED

Philipp, it seems you have pushed patch v1, not v2. Have you done this on purpose?
Thanks for catching that! That wasn't on purpose. Backed out in changeset 5f5198980f40, committed correct patch (with a small typo fixed) in changeset e6733e6bf8ad.
Having this same problem with TB3.1.1.  Also, many of my normal emails are being reported as having invalid certificates.  What gives?
I don't get any option to accept the certificate.  Only to review certificate.
You need to log in before you can comment on or make changes to this bug.