After upgrading to Thunderbird 102 (from whatever the previous version on the Ubuntu 20.04 repos was), I can no longer connect to the CalDAV server I run. Thunderbird refuses the certificate, claiming it belongs to a different site.
The FQDN by which I connect to the server matches the common name of the certificate, and the certificate has not expired – I have verified both these things.
The certificate was issued by a private CA, whose certificate I added to the store long before the upgrade. I was able to connect to the server before the upgrade.
Even defining a security exception does not work: every time I refresh, I get the same certificate error.
My smartphone has no problems connecting to the same server with DAVx⁵.
If I try to connect to the server with Firefox 105.0, I get a similar error (SSL_ERROR_BAD_CERT_DOMAIN
) but can connect after adding a security exception. (Since Firefox shares some code with Thunderbird, they might also share certain bugs or unexpected behavior.)
The certificate does not specify any purposes for key usage – I have seen some other applications have started rejecting certificates because of this, so I am wondering if this could be the issue (in which case the error message would be misleading).
Any ideas?