On 09/28/2017 02:50 AM, Alice Wonder wrote:
On 09/27/2017 11:14 PM, Phil Perry wrote:
On 28/09/17 04:19, Alice Wonder wrote:
With the current Thunderbird I can not connect to one of my IMAP
servers that uses a self-signed cert. Virtually identical IMAP servers
that use CA signed certs work
I was a bit out of date when I updated to 7.4 and was running
Thunderbird 45.6.x and it worked.
When I connected from evolution (which I do not like) it worked.
When I connected with my laptop still running 45.6.x it works.
so - I rebuilt thunderbird 45.8.0 from 7.3 updates (newest that isn't
5x.x.x series) and did an --oldpackage update with RPM and it works
again.
When rebuilding the old thunderbird in mock I had to add the following:
BuildRequires: dbus-glib-devel
Either the build system used by CentOS automatically includes that, or
a build dependency use to pull that it but no longer does.
Anyway if anyone is having a similar problem, that's a solution.
-=-
This is what I see in the mail server log when current CentOS
thunderbird tries to connect:
Sep 25 20:17:49 librelamp dovecot: imap-login: Disconnected (no auth
attempts in 1 secs): user=<>,
rip=2600:1010:b064:f260:e83e:562d:2316:18df,
lip=2600:3c01::f03c:91ff:fee4:310c, TLS handshaking: SSL_accept()
failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
unknown ca: SSL alert number 48,
session=<u7agQAlasK8mABAQsGTyYOg+Vi0jFhjf>
---
Since it works with current evolution and with older thunderbird, I
assume it is a bug in current thunderbird when the server is using a
self-signed cert.
Don't know if same thing happens on pop.
I use IMAP on 143 using starttls
I have no problem using a self-signed cert on my own private mail
server, although admittedly I'm using POP, not IMAP.
Have you imported your certificate(s) in thunderbird?
Preferences > Advanced > Certificates
When Thundirbird first attempts it offers to import. Under older
version it only asks once, and when I import, it's fine until I
replace the certificate (once a year, cert is good for three years but
I generate new once a year - I just make it good for three in case
life gets in the way).
The nee thunderbird continually asks but still fails to connect.
However as soon as I switched back to the older version, it didn't
even need to ask because I had already made an exception for that
certificate.
Old thunderbird works as expected, new doesn't.
The "no auth attempts" strikes me as suspicious. This along with the
fact that your old thunderbird works suggests to me that there might
have been some security bits left out of the new thunderbird build. My
experience compiling Tbird pre-dates rpm, so this might have become
irrelevant, but used to be a that a build would still succeed even when
some capability was left out. The fact that your imap server is cool
with your several other clients would also seem to isolate the problem
back onto the new tbird.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos