Closed
Bug 1293378
Opened 8 years ago
Closed 6 years ago
deal with nsIX509Cert constants VERIFIED_OK, NOT_VERIFIED_UNKNOWN (after bug 1284946)
Categories
(MailNews Core :: Security, defect)
MailNews Core
Security
Tracking
(thunderbird_esr6062+ fixed)
RESOLVED
FIXED
Thunderbird 63.0
People
(Reporter: mkmelin, Assigned: mkmelin)
References
Details
Attachments
(4 files, 5 obsolete files)
2.20 KB,
application/pkix-cert
|
Details | |
2.21 KB,
application/pkix-cert
|
Details | |
13.10 KB,
patch
|
mkmelin
:
review+
|
Details | Diff | Splinter Review |
12.85 KB,
patch
|
jorgk-bmo
:
approval-comm-esr60+
|
Details | Diff | Splinter Review |
+++ This bug was initially created as a clone of Bug #1287825 +++ Bug 1287825 comment 2: Sorry - I forgot to check for instances of what bug 1284946 was going to remove in comm-central. Along those lines, it looks like the nsIX509Cert constants VERIFIED_OK, NOT_VERIFIED_UNKNOWN, etc. will have to be dealt with here: https://dxr.mozilla.org/comm-central/rev/752a2122c521c5115049f4fbb4229484a05b2c2c/mailnews/extensions/smime/content/msgCompSecurityInfo.js#24 As far as I can tell, that function is only being used from line 204 of that file. The values passed to it come from the call to nsISMimeJSHelper.getRecipientCertsInfo on line 89. Looking at the implementation, those values appear to all just be 0: https://dxr.mozilla.org/comm-central/source/mailnews/extensions/smime/src/nsSMimeJSHelper.cpp#97 so this implementation can be simplified somewhat.
Comment 1•7 years ago
|
||
(Presumably this isn't actually a blocker - else someone would have already killed this)
Severity: blocker → normal
Flags: needinfo?(mkmelin+mozilla)
Updated•7 years ago
|
Flags: needinfo?(mkmelin+mozilla)
Assignee | ||
Comment 2•6 years ago
|
||
There appears to be a bunch of dead code here. The statuses in https://searchfox.org/comm-central/rev/206167865d0412b06b864631cee8a9cb7f86ff63/mailnews/extensions/smime/content/msgCompSecurityInfo.js#24 do not exist (anymore?) The code is only about the Security dialog in the compose window, where all the cert info one will see at the moment is issuing date and expiry date of certs. But in this context I don't think those are even that useful as it doesn't really matter that the cert expired. I guess in this case you could send unencrypted to be sure, but in general the recipient would be able to read it fine unless he lost the old certificate. What would be interesting in that dialog is the cert status, but that column is always blank now since the verification is all dead code. Hmm :/
Assignee | ||
Comment 3•6 years ago
|
||
Made the status column work again.
Assignee: nobody → mkmelin+mozilla
Status: NEW → ASSIGNED
Attachment #8999582 -
Flags: review?(acelists)
Assignee | ||
Comment 4•6 years ago
|
||
Comment on attachment 8999582 [details] [diff] [review] bug1293378_cert_status.patch Review of attachment 8999582 [details] [diff] [review]: ----------------------------------------------------------------- ::: mailnews/extensions/smime/content/msgCompSecurityInfo.js @@ +233,5 @@ > gListBox.appendChild(listitem); > } > } > > +function findOutStatus(cert) { ah, forgot to remove this
Comment on attachment 8999582 [details] [diff] [review] bug1293378_cert_status.patch Review of attachment 8999582 [details] [diff] [review]: ----------------------------------------------------------------- ::: mailnews/extensions/smime/content/msgCompSecurityInfo.js @@ +166,2 @@ > listitem.appendChild(createCell(gEmailAddresses.value[i])); > + let id = "recipient-nbr-" + i Missing semicolon? But is the 'id' variable even needed? @@ +191,5 @@ > + const SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13; > + const SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20; > + const SEC_ERROR_UNTRUSTED_CERT = SEC_ERROR_BASE + 21; > + const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = SEC_ERROR_BASE + 30; > + const SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = SEC_ERROR_BASE + 176; What are these constants (like 176)? Can't we fetch them by names from anywhere? @@ +216,5 @@ > + let errorPresent = results.some(result => > + result.errorCode == errorRanking.error > + ); > + if (errorPresent) { > + bs = errorRanking.bundleString; I'm not sure I understnad this. We have multiple results? Why? And then we compare the multiple results to error codes and only use the first hit for output? Why? @@ +222,5 @@ > + } > + } > + > + document.getElementById(id).firstChild.nextSibling // second column > + .setAttribute("label", gBundle.getString(bs)); Don't we align under the dot in these cases? @@ +261,5 @@ > + certdb.asyncVerifyCertAtTime(cert, usage, 0, null, now, > + (aPRErrorCode, aVerifiedChain, aHasEVPolicy) => { > + resolve({ usageString, > + errorCode: aPRErrorCode, > + chain: aVerifiedChain }); Does m-c have competitions in writing the most obfuscated code? ;)
Attachment #8999582 -
Flags: feedback+
Assignee | ||
Comment 6•6 years ago
|
||
(In reply to :aceman from comment #5) > Comment on attachment 8999582 [details] [diff] [review] > bug1293378_cert_status.patch > > Review of attachment 8999582 [details] [diff] [review]: > ----------------------------------------------------------------- > > ::: mailnews/extensions/smime/content/msgCompSecurityInfo.js > @@ +166,2 @@ > > listitem.appendChild(createCell(gEmailAddresses.value[i])); > > + let id = "recipient-nbr-" + i > > Missing semicolon? But is the 'id' variable even needed? Ah you're right. This was leftover from an earlier iteration. > > @@ +191,5 @@ > > + const SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13; > > + const SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20; > > + const SEC_ERROR_UNTRUSTED_CERT = SEC_ERROR_BASE + 21; > > + const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = SEC_ERROR_BASE + 30; > > + const SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = SEC_ERROR_BASE + 176; > > What are these constants (like 176)? Can't we fetch them by names from > anywhere? Unfortunately we can't. I'm not sure why security things like these don't define accessible named constants. I think it has something to do with that part is nss code and part is integration code. > > @@ +216,5 @@ > > + let errorPresent = results.some(result => > > + result.errorCode == errorRanking.error > > + ); > > + if (errorPresent) { > > + bs = errorRanking.bundleString; > > I'm not sure I understadd this. We have multiple results? Why? And then we > compare the multiple results to error codes and only use the first hit for > output? Why? Certificates are issued for different usages. In theory (at least) you could have a certificate that is allowed to sign but not encrypt. Therefore there are multiple results from the checks. We only show the first one, mainly because it gets crowded to display two. Doesn't really matter so much which use case that has the a problem either - as a problem is a problem, and this is status "at a glance". For all practical use case I do think both sign and encrypt are supported for s/mime certificates. > > @@ +222,5 @@ > > + } > > + } > > + > > + document.getElementById(id).firstChild.nextSibling // second column > > + .setAttribute("label", gBundle.getString(bs)); > > Don't we align under the dot in these cases? Maybe, but it's a bit confusing in cases like this. I've changed it now. > Does m-c have competitions in writing the most obfuscated code? ;) Heh, yeah I was happy to just borrow it. Certificate handling is quite involved...
Assignee | ||
Comment 7•6 years ago
|
||
Attachment #8999582 -
Attachment is obsolete: true
Attachment #8999582 -
Flags: review?(acelists)
Attachment #8999700 -
Flags: review?(acelists)
Assignee | ||
Comment 9•6 years ago
|
||
Comment on attachment 8999700 [details] [diff] [review] bug1293378_cert_status.patch Discovered this still needs some more work to work as intended for all cases.
Attachment #8999700 -
Attachment is obsolete: true
Attachment #8999700 -
Flags: review?(acelists)
Assignee | ||
Comment 10•6 years ago
|
||
It turned out the non-ok certificates were already filtered out. That prompts the question though, should invalid certificates be allowed to use? CA:s would probably say no, but for practical purposes, you might want to do that especially if it's only that the cert expired. If you want to encrypt, you don't have a choice as you can't obtain the recipient cert on the spot - so your only option is to send in clear text.
Attachment #9000036 -
Flags: review?(acelists)
Assignee | ||
Comment 11•6 years ago
|
||
Assignee | ||
Comment 12•6 years ago
|
||
Assignee | ||
Comment 13•6 years ago
|
||
To test, you can go to the settings: Advanced | Certificates. Manage certificates | People. Then import. After you have the cert imported, write a new mail and put their email in the To field. Then click open Security (in the toolbar). See the results.
Assignee | ||
Comment 14•6 years ago
|
||
Fixed a bug.
Attachment #9000036 -
Attachment is obsolete: true
Attachment #9000036 -
Flags: review?(acelists)
Attachment #9001522 -
Flags: review?(acelists)
Comment 15•6 years ago
|
||
Comment on attachment 9001522 [details] [diff] [review] bug1293378_cert_status.patch Review of attachment 9001522 [details] [diff] [review]: ----------------------------------------------------------------- Thanks, I have seen the difference on the sample certificates. The dialog now displays them and marks Expired instead of "Not found". ::: mailnews/extensions/smime/content/msgCompSecurityInfo.js @@ +180,5 @@ > } > else > { > let status = document.createElement("label"); > + status.setAttribute("value", "…"); What does this say? Temporary value until the status string is fetched? May it need to be localized? @@ +201,5 @@ > + let someError = results.some(result => > + result.errorCode !== PRErrorCodeSuccess > + ); > + if (!someError) { > + listitem.firstChild.nextSibling // second column Don't you have the 'status' variable for this element? @@ +244,5 @@ > + break; > + } > + } > + > + listitem.firstChild.nextSibling // second column Don't you have the 'status' variable for this element? ::: mailnews/extensions/smime/src/nsMsgComposeSecure.cpp @@ +1238,3 @@ > } > > + // node now contains the first valid (if aRequireValidCert true) Node ::: mailnews/extensions/smime/src/nsSMimeJSHelper.cpp @@ +114,5 @@ > ToLowerCase(email, email_lowercase); > > nsCOMPtr<nsIX509Cert> cert; > if (NS_SUCCEEDED(nsMsgComposeSecure::FindCertByEmailAddress( > + email_lowercase, false, getter_AddRefs(cert)))) Align below nsMsgComposeSecure? @@ +221,5 @@ > ToLowerCase(mailboxes[i], email_lowercase); > > nsCOMPtr<nsIX509Cert> cert; > if (NS_SUCCEEDED(nsMsgComposeSecure::FindCertByEmailAddress( > + email_lowercase, true, getter_AddRefs(cert)))) Align below nsMsgComposeSecure?
Attachment #9001522 -
Flags: review?(acelists) → review+
Assignee | ||
Comment 16•6 years ago
|
||
(In reply to :aceman from comment #15) > > + status.setAttribute("value", "…"); > > What does this say? Temporary value until the status string is fetched? May > it need to be localized? Yes it's a placeholder. Changed it to "?" now. I wouldn't bother localizing, the value is practically never shown since the validation happens in a split second. Thanks for the review!
Assignee | ||
Comment 17•6 years ago
|
||
Attachment #9001522 -
Attachment is obsolete: true
Attachment #9001873 -
Flags: review+
Assignee | ||
Updated•6 years ago
|
Keywords: checkin-needed
Comment 18•6 years ago
|
||
Pushed by mozilla@jorgk.com: https://hg.mozilla.org/comm-central/rev/3d5c8c87d645 security info dialog doesn't show cert status anymore. r=aceman
Updated•6 years ago
|
Target Milestone: --- → Thunderbird 63.0
Assignee | ||
Comment 19•6 years ago
|
||
It would be nice to uplift, but for that the patch needs some adjustments (due to the listbox removal).
Comment 20•6 years ago
|
||
hg clone https://hg.mozilla.org/releases/comm-esr60 and Bob's your uncle ;-)
Assignee | ||
Comment 21•6 years ago
|
||
That and mozilla-esr60 yeah, I already have those.
Comment 22•6 years ago
|
||
(In reply to Magnus Melin from comment #21) > That and mozilla-esr60 yeah, ... Why? Does it need M-esr60 changes?
Assignee | ||
Comment 23•6 years ago
|
||
No, comm-esr60 isn't going to build with mc-trunk
Comment 24•6 years ago
|
||
Right, so you do a try push from comm-esr60 to make sure the adapted patch works. Or is that not feasible?
Comment 25•6 years ago
|
||
(In reply to Magnus Melin from comment #6) > (In reply to :aceman from comment #5) > > Comment on attachment 8999582 [details] [diff] [review] > > bug1293378_cert_status.patch > > > > Review of attachment 8999582 [details] [diff] [review]: > > ----------------------------------------------------------------- > > > > ::: mailnews/extensions/smime/content/msgCompSecurityInfo.js > > @@ +191,5 @@ > > > + const SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13; > > > + const SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20; > > > + const SEC_ERROR_UNTRUSTED_CERT = SEC_ERROR_BASE + 21; > > > + const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = SEC_ERROR_BASE + 30; > > > + const SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = SEC_ERROR_BASE + 176; > > > > What are these constants (like 176)? Can't we fetch them by names from > > anywhere? > > Unfortunately we can't. I'm not sure why security things like these don't > define accessible named constants. I think it has something to do with that > part is nss code and part is integration code. > I don't think we should do another copy/paste for cert errors. I've reluctantly had to do it for feeds https://bugzilla.mozilla.org/show_bug.cgi?id=497488#c8 but it would be better to adapt/reuse this in a general utils jsm if there will be multiple callers.
Assignee | ||
Comment 26•6 years ago
|
||
Well nsINSSErrorsService would appear to be the correct place to me. Maybe I should file a bug and see if we can get it into there?
Assignee | ||
Comment 27•6 years ago
|
||
Filed bug 1484464.
Assignee | ||
Comment 28•6 years ago
|
||
For 60. Had to include bug 1453778 first
Attachment #9003732 -
Flags: review+
Attachment #9003732 -
Flags: approval-comm-esr60?
Comment 29•6 years ago
|
||
So you're saying bug 1453778 needs uplift, too?
Updated•6 years ago
|
Attachment #9003732 -
Flags: approval-comm-esr60? → approval-comm-esr60+
Assignee | ||
Comment 30•6 years ago
|
||
No i included and adjusted it, included in the esr patch already.
Comment 31•6 years ago
|
||
Actually, wouldn't it be cleaner to uplift bug 1453778 first? Then the original patch almost applies with one tweak.
Attachment #9003764 -
Flags: approval-comm-esr60+
Comment 32•6 years ago
|
||
Comment on attachment 9003732 [details] [diff] [review] bug1293378_cert_status.esr60.patch Let's not mix two bugs here.
Attachment #9003732 -
Flags: review+
Attachment #9003732 -
Flags: approval-comm-esr60+
Updated•6 years ago
|
Attachment #9003732 -
Attachment is obsolete: true
Comment 33•6 years ago
|
||
Comment on attachment 9003764 [details] [diff] [review] 1293378-esr60.patch This esr60 patch folded on top of the patch from bug 1453778 gives your esr60 patch, so it must be right.
Attachment #9003764 -
Flags: feedback?(mkmelin+mozilla)
Assignee | ||
Comment 34•6 years ago
|
||
You could look at it either way, this is all just adjusting to current reality. Seems odd to uplift a bug to port a bug which didn't land on esr :/ You have the same end result. I wouldn't spend time fiddling with it.
Comment 35•6 years ago
|
||
Comment on attachment 9003764 [details] [diff] [review] 1293378-esr60.patch Seems odd to mix up two bugs. I'll uplift bug 1453778. I do this sort of thing all the time.
Attachment #9003764 -
Flags: feedback?(mkmelin+mozilla)
Comment 36•6 years ago
|
||
TB 60 beta 11: https://hg.mozilla.org/releases/comm-beta/rev/2bc3eb38e9674628f6b15043f4dbb6d2d0770b72 Accidentally I'm the patch author since I refactored Magnus' ESR 60 patch. Note that the listitem/label processing is quite different: C-C 63: https://hg.mozilla.org/comm-central/rev/3d5c8c87d645#l1.104 C-B 60: https://hg.mozilla.org/releases/comm-beta/rev/2bc3eb38e9674628f6b15043f4dbb6d2d0770b72#l1.109 That's due to the listitem removal in mozilla63. Magnus, can you test that this works as desired.
Flags: needinfo?(mkmelin+mozilla)
Comment 37•6 years ago
|
||
Working :-) mbanner@mozilla.com - Expired - 16 April 2013 - 17 April 2014.
Flags: needinfo?(mkmelin+mozilla)
Comment 38•6 years ago
|
||
TB 60.1 ESR: https://hg.mozilla.org/releases/comm-esr60/rev/2af4d611dc8a6f42c106f5444d44de69a65feb7f
status-thunderbird_esr60:
--- → fixed
Assignee | ||
Comment 39•6 years ago
|
||
(In reply to Jorg K (GMT+2) from comment #36) > Magnus, can you test that this works as desired. Yes. Forgot to reply earlier (comment 24), but that's why I wanted a local build so I could check it out in action.
Updated•6 years ago
|
tracking-thunderbird_esr60:
--- → 61+
Updated•6 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•