Package: thunderbird
Version: 1:128.4.0esr-1~deb12u1
After update from 1:115.16.0esr-1~deb12u1 to 1:128.4.0esr-1~deb12u1 in
Debian 12 (DSA 5803-1), IMAP server valid Let's Encrypt certificate is
not trusted by Thundrbird; notification
The certificate for imap.<my domain here> does not come from a
trusted source.
is displayed on connection.
After clicking notification, dialog pops up with message
This site attempts to identify itself with invalid information.
with service address "imap.<my domain here>:993".
After clicking "Get Certificate" additional info is displayed:
No Information Available
Unable to obtain identification status for this site.
Adding cert exception (saving exception works only if "Get Certificate"
is not clicked before like in
https://bugzilla.mozilla.org/show_bug.cgi?id=1370022) does not resolve
issue - connection error still occurs regardless of saved cert exception
with correct cert sha256 fingerpint.
Same problem when trying to setup fresh Thunderbird account (after
removing ~/.thunderbird and ~/.cache/thunderbird).
IMAP service is using valid wildcard cert issued for *.<my domain here>
and is using mTLS (client certificate auth).
Same server cert is accepted without problems in same Debian 12 by
Firefox ESR v128 and was working fine before Thunderbird upgrade.
No such problem in different Debian 12 system with Thunderbird
1:115.16.0esr-1~deb12u1 (not upgaded yet) with the same IMAP configuration.
Similar report
https://github.com/mozilla/releases-comm-central/issues/100
--
Regards,
Paweł Bogusławski
E:pawel.boguslaw...@ib.pl