Open Bug 538133 Opened 14 years ago Updated 2 years ago

User Identification Request window can't remember decision not to supply certificate

Categories

(Thunderbird :: Security, defect)

x86
Windows 7
defect

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: rcsheets, Unassigned)

References

Details

(Whiteboard: dupeme?)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.3a1pre) Gecko/20100105 Shredder/3.2a1pre

When connecting to an IMAP server that requests users identify themselves with a certificate, Thunderbird allows remembering the decision to use a given certificate, but is not able to remember the decision not to provide a certificate. The user can click "Cancel" and not send a certificate, but they will be prompted again next time. The "Remember this decision" checkbox should cause the decision not to send a certificate to be remembered.

Reproducible: Always

Steps to Reproduce:
1. Install a PKCS#12 certificate.
2. Connect to an IMAP server which requests clients to use a certificate for authentication.
3. At the User Identification Request window, make sure the "Remember this decision" checkbox is checked and then click "Cancel".
Actual Results:  
When the server is connected to again later, the same dialog box prompts them again to choose a certificate to present.

Expected Results:  
When the server is connected to again later, the client should remember the decision not to send a certificate, and should not display the dialog box.

This issue is present in Thunderbird 3.0 as well as the nightly from 2010/01/05. I suspect the issue exists on all platforms but I lack resources to confirm this, so I'm submitting this as x86/Windows 7.
Component: Mail Window Front End → Security
QA Contact: front-end → thunderbird
Did in worked in 2.0.0.23
This may be a special case of bug 437683 (allow "no certificate" option).
Whiteboard: dupeme?
Severity: minor → S4
You need to log in before you can comment on or make changes to this bug.