Ingo Kappler wrote:
> 
> For secure mail connections I use a selfsigned certificate on the server,

You mentioned imaps and pop3s in the subject.  Did you mean imaps and smtps?
AFAIK, mozilla doesn't do pop3 over SSL, but does do imaps and smtps.

> created with openssl. It works for my needs with netscape 6.2 and kmail and
> other programs, except mozilla 1.0 and netscape 7.
> 
> I get an error message saying it couldn`t establish a secure connection for
> the cert might be destroyed or not usable with error-code -8182.

Hmmm.  bugzilla bug http://bugzilla.mozilla.org/show_bug.cgi?id=153232 
reports a similar complaint, except that in that bug, the submittor was
using the cert for https, not for IMAPS, and the submittor did not claim 
that his cert worked with earlier versions of mozilla.  I was unable to 
connect to that user's https server with Communicator 4.x or with IE 5.5. 
When I examined that user's cert with NSS 3.4.1, I found that the cert's
signature did not verify properly.  That is the meaning of error -8182, 
the cert's signature was invalid.

But your case is different because you claim it worked with earlier 
versions of mozilla.  

> What has changed?

The version of NSS used by PSM in mozilla has changed, for one thing. 
There have also been numerous other changes in PSM.  PSM's error handling
UI for SSL has changed.

One conceivable explanation (and pure conjecture) might be that earlier 
versions of PSM in mozilla did not verify the signature of the server 
cert for IMAPS or SMTPS, or ignored the signature verification error.  

Perhaps earlier versions of PSM let you mark the cert as trusted,
even though the signature was invalid, and current versions

Another conjecture is that perhaps a change in NSS has caused it to no 
longer be able to correctly verify some valid signatures, but can still 
verify most other valid signatures.  This seems less likely to me than 
the previous conjecture, but I would like to test your cert with both
the present and older versions of NSS to confirm or refute this possiblity.

Without a copy of your cert, I can only conjecture about the cause.
Please file a bug against PSM in bugzilla and attach your server cert to it.  
Please be sure to explain exactly how you were using the cert, both in
earlier versions of mozilla that worked and in the versions that failed.

If you could make your server available to us for testing that might
also help.  We would not need an actual account on the server for testing
purposes, I believe.

> Thanks Ingo

--
Nelson Bolyard   
Disclaimer:                  I speak for myself, not for Netscape

Reply via email to