https://bugs.kde.org/show_bug.cgi?id=423424
Bug ID: 423424
Summary: Kmail "forces" the user to accept invalid TLS
certificates.
Product: kmail2
Version: 5.13.3
Platform: Other
OS: Linux
Status: REPORTED
Severity: major
Priority: NOR
Component: general
Assignee: kdepim-b...@kde.org
Reporter: 93s4m32gd2ab8...@mailbox.org
Target Milestone: ---
When the IMAP TLS certificate is bad, i.e. self-signed, kmail shows a warning
with three buttons: "Details", "Continue" and "Cancel". When the user clicks on
"Cancel", kmail repeats the login process and shows the warning again
immediately. This process continues in a loop, which can not be canceled by the
user when clicking on "Cancel" (the only secure option).
The only way to "escape" from this loop is to click on "Continue.", which might
reveal the username and password.
--
You are receiving this mail because:
You are watching all bug changes.
