Loading Profile...
Bug in DreamHosts's SSL certificates for email exposed in Thunderbird 2.0.0.23
Hi DreamHost Support Folks:
This is Roland from Thunderbird support. Thunderbird is an email client from Mozilla Messaging.
Mozilla Messaging just released Thunderbird 2.0.0.23 which exposes a "bug" (see DETAILS below) in DreamHost's SSL certificates. This "bug" affects all DreamHost customers who use email on DreamHost and who use Thunderbird 2.0.0.23
Not sure if you can fix this "bug", so just filing this problem here as a "heads up". Will also file it via your normal support channels. I'm also going to file a reply to this problem with a link to this topic at our Get Satisfaction which is:
http://getsatisfaction.com/mozilla_me...
...Roland "Technical Support Lead", Mozilla Messaging
DETAILS from https://bugzilla.mozilla.org/show_bug...
Thunderbird prior to 2.0.0.23 still contained the bug that allowed * in an SSL
cert to match more than one atom of a hostname (which actually violates the
spec).
Thunderbird 2.0.0.23 changed the behavior so that a domain name with more than
one atom in the spot where the * is in the cert name properly rejects the cert
as an invalid hostname. Dreamhost has mailservers named with a pattern like:
a1.postal.mail.dreamhost.com. Their cert says *.mail.dreamhost.com.
This is Roland from Thunderbird support. Thunderbird is an email client from Mozilla Messaging.
Mozilla Messaging just released Thunderbird 2.0.0.23 which exposes a "bug" (see DETAILS below) in DreamHost's SSL certificates. This "bug" affects all DreamHost customers who use email on DreamHost and who use Thunderbird 2.0.0.23
Not sure if you can fix this "bug", so just filing this problem here as a "heads up". Will also file it via your normal support channels. I'm also going to file a reply to this problem with a link to this topic at our Get Satisfaction which is:
http://getsatisfaction.com/mozilla_me...
...Roland "Technical Support Lead", Mozilla Messaging
DETAILS from https://bugzilla.mozilla.org/show_bug...
Thunderbird prior to 2.0.0.23 still contained the bug that allowed * in an SSL
cert to match more than one atom of a hostname (which actually violates the
spec).
Thunderbird 2.0.0.23 changed the behavior so that a domain name with more than
one atom in the spot where the * is in the cert name properly rejects the cert
as an invalid hostname. Dreamhost has mailservers named with a pattern like:
a1.postal.mail.dreamhost.com. Their cert says *.mail.dreamhost.com.
I’m hopeful Thunderbird and DreamHost support can work together on this one
1
person has this problem
I have this problem, too!
Tell me when someone solves it.
The more people who report this problem, the more it gets noticed.
The more people who report this problem, the more it gets noticed.
Create a customer community for your own organization
Plans starting at $19/month
