Description of problem: I am unable to add security exception for google apps IMAP hosted on own domain. Get certificate is greyed out and it shows "Unable to obtain identification status for the given site." It works in seamonkey <= 2.30 Version-Release number of selected component (if applicable): seamonkey-2.31-1.fc21 (affected) seamonkey-2.32-1.fc21 (affected) How reproducible: Always Steps to Reproduce: 1. e.g. configure IMAP SSL access for imap.yarda.eu:993 Actual results: Security dialog shows "Unable to obtain identification status for the given site." and the security exception cannot be added Expected results: Security exception can be added Additional info: Workaround found: downgrade to seamonkey-2.30-1.fc21, add exception, upgrade to seamonkey-2.30-1.fc21. Maybe related to upstream bug reports: https://bugzilla.mozilla.org/show_bug.cgi?id=1122239 https://bugzilla.mozilla.org/show_bug.cgi?id=1121601 The certificate is not self-signed, the chain: depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority verify return:1 depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify return:1 depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2 verify return:1 depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = imap.gmail.com verify return:1 I need the exception, because cname of my own domain is imap.yarda.eu, not imap.gmail.com.
(In reply to Jaroslav Škarvada from comment #0) > Additional info: > Workaround found: downgrade to seamonkey-2.30-1.fc21, add exception, upgrade > to seamonkey-2.30-1.fc21. > Typo, correct version: Workaround found: downgrade to seamonkey-2.30-1.fc21, add exception, upgrade to seamonkey-2.31-1.fc21.
If this is a regression, please report it to the developers at bugzilla.mozilla.org.
(In reply to Kai Engert (:kaie) from comment #2) > If this is a regression, please report it to the developers at > bugzilla.mozilla.org. OK, I will report it.
It's totally unusable now. Even if the exception added (in seamonkey-2.30), it starts asking for the exception time to time and when it starts it asks all the time again and again and the exception cannot be accepted. I have to downgrade to seamonkey-2.30. Log from console: Timestamp: 25.1.2015 01:05:10 Error: imap.yarda.eu:993 uses an invalid security certificate. The certificate is only valid for imap.gmail.com (Error code: ssl_error_bad_cert_domain) Timestamp: 25.1.2015 01:05:10 Warning: Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help http://xhr.spec.whatwg.org/ Source File: chrome://pippki/content/exceptionDialog.js Line: 107 Timestamp: 25.1.2015 01:05:10 Error: Attempted to connect to a site with a bad certificate in the add exception dialog. This results in a (mostly harmless) exception being thrown. Logged for information purposes only: [Exception... "Establishing a connection to an unsafe or otherwise banned port was prohibited" nsresult: "0x804b0013 (NS_ERROR_PORT_ACCESS_NOT_ALLOWED)" location: "JS frame :: chrome://pippki/content/exceptionDialog.js :: checkCert :: line 109" data: no] Source File: chrome://pippki/content/exceptionDialog.js Line: 115
(In reply to Jaroslav Škarvada from comment #4) > Timestamp: 25.1.2015 01:05:10 > Error: Attempted to connect to a site with a bad certificate in the add > exception dialog. This results in a (mostly harmless) exception being > thrown. Logged for information purposes only: [Exception... "Establishing a > connection to an unsafe or otherwise banned port was prohibited" nsresult: > "0x804b0013 (NS_ERROR_PORT_ACCESS_NOT_ALLOWED)" location: "JS frame :: > chrome://pippki/content/exceptionDialog.js :: checkCert :: line 109" data: > no] > Source File: chrome://pippki/content/exceptionDialog.js > Line: 115 Heh, it's blocking itself to get the certificate, it seems to be related to the port blocking "feature": http://www-archive.mozilla.org/projects/netlib/PortBanning.html Really smart. After adding: user_pref("network.security.ports.banned.override", "993"); to prefs.js, the exception dialog is no more grayed out, and I am able to add the exception as in seamonkey-2.30. So it's really broken now.
Upstream bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1109595
Let's track it upstream. Just for the record - do you see it also in Firefox or it's Seamonkey only?
(In reply to Martin Stransky from comment #7) > Let's track it upstream. Just for the record - do you see it also in Firefox > or it's Seamonkey only? Firefox doesn't have IMAP client (AFAIK :) so it shouldn't be affected. Maybe it's also reproducible in Thunderbird (according to upstream bugzilla), but I haven't tried.
Yes. I saw this "bug" when reverse DNS record does not exist for the site. The the exception can't be added. It was a general bug which does not affect IMAP only.