[kmail2] [Bug 423424] New: Kmail "forces" the user to accept invalid TLS certificates.

[Damian Poddebniak]

https://bugs.kde.org/show_bug.cgi?id=423424

            Bug ID: 423424
           Summary: Kmail "forces" the user to accept invalid TLS
                    certificates.
           Product: kmail2
           Version: 5.13.3
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: major
          Priority: NOR
         Component: general
          Assignee: kdepim-bugs at kde.org
          Reporter: 93s4m32gd2ab8ax6 at mailbox.org
  Target Milestone: ---

When the IMAP TLS certificate is bad, i.e. self-signed, kmail shows a warning
with three buttons: "Details", "Continue" and "Cancel". When the user clicks on
"Cancel", kmail repeats the login process and shows the warning again
immediately. This process continues in a loop, which can not be canceled by the
user when clicking on "Cancel" (the only secure option).

The only way to "escape" from this loop is to click on "Continue.", which might
reveal the username and password.

-- 
You are receiving this mail because:
You are the assignee for the bug.