Re: Thunderbird in CentOS 7.4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On 09/27/2017 11:14 PM, Phil Perry wrote:

On 28/09/17 04:19, Alice Wonder wrote:

With the current Thunderbird I can not connect to one of my IMAP
servers that uses a self-signed cert. Virtually identical IMAP servers
that use CA signed certs work

I was a bit out of date when I updated to 7.4 and was running
Thunderbird 45.6.x and it worked.

When I connected from evolution (which I do not like) it worked.

When I connected with my laptop still running 45.6.x it works.

so - I rebuilt thunderbird 45.8.0 from 7.3 updates (newest that isn't
5x.x.x series) and did an --oldpackage update with RPM and it works
again.

When rebuilding the old thunderbird in mock I had to add the following:

BuildRequires:  dbus-glib-devel

Either the build system used by CentOS automatically includes that, or
a build dependency use to pull that it but no longer does.

Anyway if anyone is having a similar problem, that's a solution.

-=-

This is what I see in the mail server log when current CentOS
thunderbird tries to connect:

Sep 25 20:17:49 librelamp dovecot: imap-login: Disconnected (no auth
attempts in 1 secs): user=<>,
rip=2600:1010:b064:f260:e83e:562d:2316:18df,
lip=2600:3c01::f03c:91ff:fee4:310c, TLS handshaking: SSL_accept()
failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
unknown ca: SSL alert number 48,
session=<u7agQAlasK8mABAQsGTyYOg+Vi0jFhjf>

---

Since it works with current evolution and with older thunderbird, I
assume it is a bug in current thunderbird when the server is using a
self-signed cert.

Don't know if same thing happens on pop.

I use IMAP on 143 using starttls


I have no problem using a self-signed cert on my own private mail
server, although admittedly I'm using POP, not IMAP.

Have you imported your certificate(s) in thunderbird?

Preferences > Advanced > Certificates
When Thundirbird first attempts it offers to import. Under older version it only asks once, and when I import, it's fine until I replace the certificate (once a year, cert is good for three years but I generate new once a year - I just make it good for three in case life gets in the way). 

The nee thunderbird continually asks but still fails to connect.
However as soon as I switched back to the older version, it didn't even need to ask because I had already made an exception for that certificate. 

Old thunderbird works as expected, new doesn't.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]

  Powered by Linux