On 29.12.2023 22:46, Carlos E. R. wrote:
Anyway, I tried and could not reproduce your problem. I set up dovecot ("zypper in dovecot", generated a self-signed certificate using the same command I showed, that's all) on Leap 15.4. I configured TB 115.5.0 to use it with IMAP in TLS mode. TB asked me if I wanted to trust this certificate and entered an exception in cert_override.txt. I then replaced the key/certificate pair on dovecot with a new one and restarted dovecot. When updating folders TB popped up the same question and updated cert_override.txt. So as far as I can tell it works as expected.
Ok, thanks for testing. But my TB never asks. Tried with two TB on two computers.
It asks when I select INBOX from the dovecot account (may not be needed) and press "Get Messages" button. It does not ask when it attempts to download messages in the background.
If you can describe conditions which lead to your issue, I may try to dig further. But so far I do not have anything to begin with.
An update led to the issue. It was working, and one day it was not. Not my doing.
The format of the cert_override.txt is pretty trivial and can be generated manually if necessary.
Huh, not that trivial. I searched, and posted several links I found about it. There is a program somewhere to generate the lines.
It has three fields - server:port, SHA256 OID and the SHA256 certificate fingerprint itself. It apparently may also contain a fourth field (specific certificate problems that are to be ignored) and a fifth field, which is effectively an additional checksum, but my TB here did not generate them. It is the fifth field that is not trivial, yes. And yes, there is a Python script to generate all five fields.
I just had an idea. Create a new Thunderbird profile with a single local account on my dovecot.
YES! The wizard asks me to instantly add an exception (for telcontar.valinor:143). If I ask to "get certificate", it stalls and everything greys out. I have to cancel and try again, and this time say "confirm exception".
I can see the "cert_override.txt". I will copy paste the line to the main profile, while it is stopped, then start it.
I have to save this post and retake later.
[...]
Doesn't work. The file "cert_override.txt" has the line for "telcontar.valinor",
That is wrong. It has to be the line for the exact server + port number.

bor@bor-Latitude-E5450:~$ cat ~/.thunderbird/lug37pt8.default/cert_override.txt
# PSM Certificate Override Settings file
# This is a generated file! Do not edit.
localhost:1993: OID.2.16.840.1.101.3.4.2.1 79:24:B9:DE:7A:38:89:4E:07:30:95:70:A6:26:38:88:C2:05:9B:75:38:61:B4:17:16:CC:AA:44:1C:F2:61:D6
bor@bor-Latitude-E5450:~$

but Settings/Manage Certificates doesn't, and I still can not open mails in my local dovecot.
YAGGGH!
I think that what is missing is that the certificate has to be imported into "cert9.db" file.
(Can't import the certificate, it can only do from some https:// address)
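
Added example, not part of the thread and not Thunderbird's or the poster's code: a check that a cert_override.txt entry exists for the exact server and port and that its fingerprint matches the certificate the server now presents. It assumes whitespace-separated fields as in the listing above and that the fingerprint is the SHA-256 of the DER-encoded certificate; the function names are hypothetical and the sample "certificate" bytes are constructed.

```python
import hashlib
import ssl

SHA256_OID = "OID.2.16.840.1.101.3.4.2.1"  # OID string as shown in the listing

def fingerprint(pem_cert):
    """Colon-separated upper-case SHA-256 of the DER-encoded certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def parse_overrides(text):
    """Return {(host, port): (oid, fingerprint, extra_fields)}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # header comments and blank lines
        fields = line.split()
        if len(fields) < 3:
            continue  # not an override entry
        # "localhost:1993:" -> ("localhost", 1993); trailing colon is optional
        host, _, port = fields[0].rstrip(":").rpartition(":")
        if not host or not port.isdigit():
            continue
        entries[(host.lower(), int(port))] = (fields[1], fields[2].upper(), fields[3:])
    return entries

def override_matches(text, host, port, pem_cert):
    """True only if an entry exists for this exact host:port and certificate."""
    entry = parse_overrides(text).get((host.lower(), port))
    if entry is None:
        return False
    oid, stored_fp, _extra = entry
    return oid == SHA256_OID and stored_fp == fingerprint(pem_cert)

# Constructed sample data: placeholder bytes wrapped as PEM, not a real certificate.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder, not a real certificate")
SAMPLE_FILE = (
    "# PSM Certificate Override Settings file\n"
    "# This is a generated file! Do not edit.\n"
    f"localhost:1993: {SHA256_OID} {fingerprint(SAMPLE_PEM)}\n"
)

if __name__ == "__main__":
    print(override_matches(SAMPLE_FILE, "localhost", 1993, SAMPLE_PEM))  # exact match
    print(override_matches(SAMPLE_FILE, "localhost", 143, SAMPLE_PEM))   # wrong port
```
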