[snap] Cannot confirm security exception for invalid certificate

Status changed to 'Confirmed' because the bug affects multiple users.

Same here;

Name Thunderbird
Version 78.5.1
Build ID 20201130232704
Distribution ID ubuntu-snap-build
Update Directory
/snap/thunderbird/96
Update History
Update Channel release-cck-ubuntu
User Agent Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.5.1
OS Linux 5.4.0-56-generic
Application Binary /snap/thunderbird/96/thunderbird-bin

To everyone affected: could you please run thunderbird from a terminal (`snap run thunderbird`) and in another terminal window run `journalctl -f | grep DEN`, reproduce the problem, close thunderbird, and share the output of both terminal windows here?

Thanks!

Hi Olivier, thanks for your help.

snap run thunderbird
Gtk-Message: 11:39:31.230: Failed to load module "canberra-gtk-module"
Gtk-Message: 11:39:31.248: Failed to load module "canberra-gtk-module"

(directly at launch, then nothing when reproducing the issue)

Nothing either with journalctl -f | grep DEN.

Thanks Johan. When you say "nothing happens" in the bug description, do you mean that the dialog is closed but the behaviour is not the one you expected, or does the dialog remain up and visible (i.e. the button doesn't close the window)?

By "nothing happens" I mean that the "Add Security Exception" window stays open with seemingly no effect when clicking on the button "Confirm Security Exception". Clicking multiple times doesn't change the state of the window either. The only way to advance is to click "Cancel" which closes the window (without adding the exception of course).

Thank you for your bug report, is there a public server which triggers the dialog which could be used for testing? Could you try to start thunderbird --jsconsole and see if any error is printed when trying to validate the exception?

i'll try again with a text file as i got an error sending the error ;)

-------- Forwarded Message --------
Subject: Submit Request Failure
Date: Mon, 14 Dec 2020 21:12:22 -0000
From: <email address hidden>
Reply-To: <email address hidden>
To: <email address hidden>

An error occurred while processing a mail you sent to Launchpad's email
interface.

Error message:

The message you sent included commands to modify the bug report,
but you didn't sign the message with an OpenPGP key that is
registered in Launchpad.

--
For more information about using Launchpad by email, see
https://help.launchpad.net/EmailInterface
or send an email to <email address hidden>

Looking at the Error Console was the right idea, thanks. Here's the error that is caught when clicking the "Confirm Security Exception" button:

Exception { name: "NS_ERROR_FAILURE", message: "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIURI.port]", result: 2147500037, filename: "chrome://pippki/content/exceptionDialog.js", lineNumber: 156, columnNumber: 0, data: null, stack: "getURI@chrome://pippki/content/exceptionDialog.js:156:7\naddException@chrome://pippki/content/exceptionDialog.js:386:13\n_fireButtonEvent@chrome://global/content/elements/dialog.js:487:19\n_doButtonCommand@chrome://global/content/elements/dialog.js:466:29\n_handleButtonCommand@chrome://global/content/elements/dialog.js:460:19\nInformUserOfCertError@chrome://messenger/content/mailWindow.js:685:10\nOnStopRunningUrl@chrome://messenger/content/mailWindowOverlay.js:2938:30\n", location: XPCWrappedNative_NoHelper }

The previous

Thanks, unsure what's the issue, it might be worth reporting upstream on https://bugzilla.mozilla.org

There are issues discussed on https://bugzilla.mozilla.org/show_bug.cgi?id=1590474 but it sounds a bit different

Did you try the deb of 78 or an older version? Could you also give some details on how to trigger the warning, is there a public website where an account could be created for testing?

I understand that it's particularly difficult to reproduce the bug because it requires a mail server with a certificate problem. Since it was blocking me, I temporarily dealt with this by not using the Snap version of TB and returning to the versions from the official Ubuntu PPA (in my case TB 68.10.0 on my Ubuntu 20.04.1 LTS machine and TB 78.3.2 on my Ubuntu 20.10 machine) which are not affected by this issue. That's why I tagged it as Snap-specific.

Today, I've finally found a solution to the certificate problem on my email server (which of course was the goal all along) so I returned to the Snap version on my Ubuntu LTS machine (to be able to use the most recent version of TB). Now, the "Add Security Exception" window is not blocking my anymore.

Sorry I can't bring more help to solve this problem but I hope this will help others to deal with it.

So, I don't think we should close this ticket because bypassing the security warning is still a useful temporary solution for end users which shouldn't be blamed for servers problems that can sometimes occur but as far as I'm concerned I can now move on.

i stoped using the snap version and all is well again

On 18/12/2020 16:31, Johan wrote:
> I understand that it's particularly difficult to reproduce the bug
> because it requires a mail server with a certificate problem. Since it
> was blocking me, I temporarily dealt with this by not using the Snap
> version of TB and returning to the versions from the official Ubuntu PPA
> (in my case TB 68.10.0 on my Ubuntu 20.04.1 LTS machine and TB 78.3.2 on
> my Ubuntu 20.10 machine) which are not affected by this issue. That's
> why I tagged it as Snap-specific.
>
> Today, I've finally found a solution to the certificate problem on my
> email server (which of course was the goal all along) so I returned to
> the Snap version on my Ubuntu LTS machine (to be able to use the most
> recent version of TB). Now, the "Add Security Exception" window is not
> blocking my anymore.
>
> Sorry I can't bring more help to solve this problem but I hope this will
> help others to deal with it.
>
> So, I don't think we should close this ticket because bypassing the
> security warning is still a useful temporary solution for end users
> which shouldn't be blamed for servers problems that can sometimes occur
> but as far as I'm concerned I can now move on.
>

like a boomerang I found myself ending up again with 78.7.1 (64bit) Thunderbird.

The issue still remains :(

Is there a workaround yet?

Can I set a breakpoint perhaps in the offending code and then tweak the local variables in such a way to get it working? I know how to debug with the dev tools. I just do not know yet where to look.

If you guys help me get going I'll post the workaround steps here and then report it on bugzilla

how do I set a breakpoint early in the call stack?

Uncaught
Exception { name: "NS_ERROR_FAILURE", message: "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIURI.port]", result: 2147500037, filename: "chrome://pippki/content/exceptionDialog.js", lineNumber: 156, columnNumber: 0, data: null, stack: "getURI@chrome://pippki/content/exceptionDialog.js:156:7\naddException@chrome://pippki/content/exceptionDialog.js:386:13\n_fireButtonEvent@chrome://global/content/elements/dialog.js:487:19\n_doButtonCommand@chrome://global/content/elements/dialog.js:466:29\n_handleButtonCommand@chrome://global/content/elements/dialog.js:460:19\nInformUserOfCertError@chrome://messenger/content/mailWindow.js:685:10\nOnStopRunningUrl@chrome://messenger/content/mailWindowOverlay.js:2940:30\n", location: XPCWrappedNative_NoHelper }
exceptionDialog.js:156
    getURI chrome://pippki/content/exceptionDialog.js:156
    addException chrome://pippki/content/exceptionDialog.js:386
    _fireButtonEvent chrome://global/content/elements/dialog.js:487
    _doButtonCommand chrome://global/content/elements/dialog.js:466
    _handleButtonCommand chrome://global/content/elements/dialog.js:460
    _handleButtonCommand self-hosted:844
    InformUserOfCertError chrome://messenger/content/mailWindow.js:685
    OnStopRunningUrl chrome://messenger/content/mailWindowOverlay.

never mind, am now in the debugger with the offending piece of code.

if I can figure this out in 20 minutes then great. otherwise I will give up

chrome://pippki/content/exceptionDialog.js
line 156
  if (uri.port == -1) { //offending line. url.port == undefined
    mutator.setPort(443);
  }

how do I change the source code to just not do this if statement?

nah I am giving up. this debugger is not working as expected.
also this code is riddled with exceptions.

uninstalling and going back to better times

Same issue here. I end up downloading the tar.bz2 package with the latest version and installing it myself. Will keep an eye to move back to snap once this is fixed :(

Same here, cannot use the snap version because of this :/

Same here. I defended Snaps in the past, but they are really getting in my way...

There is a similar error mentioned on https://bugzilla.mozilla.org/show_bug.cgi?id=1693244 but not conclusion

Apologies if this isn't the right place to post. I'm new to Ubuntu, and couldn't find anything recent that addresses my problem via a search of help topics.

As of this morning I can't access Thunderbird due to a box asking me to add a security exception as my mail server is attempting to identify itself with invalid information. The box to add an exception comes pre-ticked, but when I click on the 'Confirm Security Exception' button the box just remains. There are solutions available elsewhere, but they're all dependent on my being able to get into Thunderbird and change settings, and the presence of the box won't let me access the settings.

Is there a way around this. Please bear in mind I'm new to Ubuntu and have little experience in coding.

After not being able to get into Thunderbird all day yesterday, this morning everything is fine. I'm not sure what happened, but I'm glad it seems to have fixed itself, and hope it doesn't happen again.