decouple client certificates from authentication #5115

Merged on Feb 6, 2021 (2 commits)

toppk (Contributor) commented Feb 1, 2021

This allows the usage of client certificates to be independent of
authentication. It is possible that the usage of client certificates
eliminates the need for any authentication, or that they provide
other benefits.

This patch restructures the incoming and outgoing server setup pages
so that client certificates can be set as long as the connection uses
TLS/SSL. If the user chooses client certificates for authentication
it will prompt for certificate only if there isn't one already set.

Mixing password and client certificates works, and this builds upon
other work that allows these settings to coexist in the imap/smtpURI.

This also gives the certificate spinner a little more polish.

  • label looks like other labels
  • some indentation
  • the cancel button only appears if there is something to cancel

Happy to get feedback. I reviewed the other attempts at this, and the only thing
that this lacks is the ability to use auth external without tls/ssl, which I could
implement, but I don't think there's a valid use case for that.

This PR requires a new decoder/encoder that can fully persist these server settings, as
the old URI format isn't up for the job. I'm happy to help with coding the new encoder/decoder
as well as a preference migration routine if that help is desired.

cketti (Member) commented Feb 4, 2021

Nice 👍

Can you please rebase on main and also update AccountSetupBasics to allow specifying a password and using a client certificate at the same time?

toppk (Contributor, Author) commented Feb 5, 2021

Done. Let me know if you want me to flatten the commits.

cketti merged commit 2fa90e8 into thunderbird:main on Feb 6, 2021

cketti (Member) commented Feb 6, 2021

Thanks 👍
