Closed Bug 560233 Opened 15 years ago Closed 15 years ago

permanently stored security exceptions are not permanent (ssh tunnel)

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 528922

People

(Reporter: troycauble, Unassigned)

Details

User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Build Identifier: Thunderbird 3.0.4 for MAC I read email via an ssh tunnel to an IMAP server. Security settings are "SSL/TLS". My tunnel is localhost:9993 -> <mymailhost>:993 localhost2 is an alias for localhost in /etc/hosts Several times a day I'm asked to "Confirm Security Exception" for my "localhost2:9993" Location because the certificate belongs to the Wrong Site. I always check "Permanently Store" the exception, but I keep getting asked. At least once a day this dialog pops up ~12 times in a row (Exception, Confirm, Exception, Confirm ...). Perhaps this is because I have about that many top level IMAP folders? Or maybe it's multiple connections maintained in T-bird? There's also multiple individual confirmations per day. I use the "localhost2" alias because I had theorized that this was related to also having a SMTP tunnel from localhost and T-bird not distinguishing certificate exceptions by port. The alias may have improved things, but I'm still frequently confirming this exception. Reproducible: Always Steps to Reproduce: 1. Read SSL/TLS IMAP mail through an SSH tunnel to get "Wrong Site" exceptions. 2. Do this for a few days and see how often you Permanently save the same exception. Actual Results: Frequently asked to save the same security exception. Expected Results: Should only need to permanently save a security exception once.
This looks like bug 465702.
It turns out my problem was NOT specific to using an SSH tunnel. I've stopped using the tunnel and the problem persists. I'm also seeing it when I don't take it home, but just leave it on the same network. (So it's not 465702.) For some reason, I occasionally have to "Confirm Security Exception" for my "mymailhost:9993" 6 or 8 times in a row.
(In reply to comment #2) > It turns out my problem was NOT specific to using an SSH tunnel. I've stopped > using the tunnel and the problem persists. > > I'm also seeing it when I don't take it home, but just leave it on the same > network. (So it's not 465702.) For some reason, I occasionally have to > "Confirm Security Exception" for my "mymailhost:9993" 6 or 8 times in a row. So that's what bug 465702 is about, issues with missconfigured server certificate. I don't see why you think it's different ? Can you get your server cert and analyse it using openssl (and see if there are name missmatches etc ...) ?
OS: Mac OS X → Windows 7
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.