Package: thunderbird
Version: 1:128.4.0esr-1~deb12u1

After update from 1:115.16.0esr-1~deb12u1 to 1:128.4.0esr-1~deb12u1 in Debian 12 (DSA 5803-1), IMAP server valid Let's Encrypt certificate is not trusted by Thundrbird; notification

   The certificate for imap.<my domain here> does not come from a trusted source.

is displayed on connection.

After clicking notification, dialog pops up with message

   This site attempts to identify itself with invalid information.

with service address "imap.<my domain here>:993".

After clicking "Get Certificate" additional info is displayed:

   No Information Available
   Unable to obtain identification status for this site.

Adding cert exception (saving exception works only if "Get Certificate" is not clicked before like in https://bugzilla.mozilla.org/show_bug.cgi?id=1370022) does not resolve issue - connection error still occurs regardless of saved cert exception with correct cert sha256 fingerpint.

Same problem when trying to setup fresh Thunderbird account (after removing ~/.thunderbird and ~/.cache/thunderbird).

IMAP service is using valid wildcard cert issued for *.<my domain here> and is using mTLS (client certificate auth).

Same server cert is accepted without problems in same Debian 12 by Firefox ESR v128 and was working fine before Thunderbird upgrade.

No such problem in different Debian 12 system with Thunderbird 1:115.16.0esr-1~deb12u1 (not upgaded yet) with the same IMAP configuration.

Similar report

https://github.com/mozilla/releases-comm-central/issues/100

--

Regards,

Paweł Bogusławski
E:pawel.boguslaw...@ib.pl


Reply via email to