[kmail2] [Bug 423424] New: Kmail "forces" the user to accept invalid TLS certificates.
Damian Poddebniak
bugzilla_noreply at kde.org
Wed Jun 24 09:18:18 BST 2020
https://bugs.kde.org/show_bug.cgi?id=423424
Bug ID: 423424
Summary: Kmail "forces" the user to accept invalid TLS
certificates.
Product: kmail2
Version: 5.13.3
Platform: Other
OS: Linux
Status: REPORTED
Severity: major
Priority: NOR
Component: general
Assignee: kdepim-bugs at kde.org
Reporter: 93s4m32gd2ab8ax6 at mailbox.org
Target Milestone: ---
When the IMAP TLS certificate is bad, i.e. self-signed, kmail shows a warning
with three buttons: "Details", "Continue" and "Cancel". When the user clicks on
"Cancel", kmail repeats the login process and shows the warning again
immediately. This process continues in a loop, which can not be canceled by the
user when clicking on "Cancel" (the only secure option).
The only way to "escape" from this loop is to click on "Continue.", which might
reveal the username and password.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Kdepim-bugs
mailing list