On 09/27/2017 11:14 PM, Phil Perry wrote:
On 28/09/17 04:19, Alice Wonder wrote:
With the current Thunderbird I can not connect to one of my IMAP
servers that uses a self-signed cert. Virtually identical IMAP servers
that use CA signed certs work
I was a bit out of date when I updated to 7.4 and was running
Thunderbird 45.6.x and it worked.
When I connected from evolution (which I do not like) it worked.
When I connected with my laptop still running 45.6.x it works.
so - I rebuilt thunderbird 45.8.0 from 7.3 updates (newest that isn't
5x.x.x series) and did an --oldpackage update with RPM and it works
again.
When rebuilding the old thunderbird in mock I had to add the following:
BuildRequires: dbus-glib-devel
Either the build system used by CentOS automatically includes that, or
a build dependency use to pull that it but no longer does.
Anyway if anyone is having a similar problem, that's a solution.
-=-
This is what I see in the mail server log when current CentOS
thunderbird tries to connect:
Sep 25 20:17:49 librelamp dovecot: imap-login: Disconnected (no auth
attempts in 1 secs): user=<>,
rip=2600:1010:b064:f260:e83e:562d:2316:18df,
lip=2600:3c01::f03c:91ff:fee4:310c, TLS handshaking: SSL_accept()
failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
unknown ca: SSL alert number 48,
session=<u7agQAlasK8mABAQsGTyYOg+Vi0jFhjf>
---
Since it works with current evolution and with older thunderbird, I
assume it is a bug in current thunderbird when the server is using a
self-signed cert.
Don't know if same thing happens on pop.
I use IMAP on 143 using starttls
I have no problem using a self-signed cert on my own private mail
server, although admittedly I'm using POP, not IMAP.
Have you imported your certificate(s) in thunderbird?
Preferences > Advanced > Certificates
When Thundirbird first attempts it offers to import. Under older version
it only asks once, and when I import, it's fine until I replace the
certificate (once a year, cert is good for three years but I generate
new once a year - I just make it good for three in case life gets in the
way).
The nee thunderbird continually asks but still fails to connect.
However as soon as I switched back to the older version, it didn't even
need to ask because I had already made an exception for that certificate.
Old thunderbird works as expected, new doesn't.
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos