136814 - S/MIME has inconsistent behaviour/crashes after deletion of a certificate from cert7.db

Status: VERIFIED FIXED

(MailNews Core :: Security: S/MIME, defect, P2)

Description

[Tom Mraz]

When you delete a certificate from Other people and then you display signed
message from him it shows that it has not valid digital signature (broken pen).
There is text "There are unknown problems with this digital signature
...(1028)". It doesn't matter if the message was sent from Mozilla or Outlook.

If you then open the "manage certificates->other people" dialog and close it and
then you display the message again it is suddenly verified fine and you can
display the certificate (if it isn't opaque message from Outlook).

But if you once again open the "manage certificates->other people" dialog the
certificate isn't shown there.

If you close mozilla and run it again and once again open the "manage
certificates->other people" dialog the certificate now appears there.

Comment 1

[Charles Rosendahl]

Nominating nsbeta1:

1.  Create a new profile and set up mail account settings.
2.  Import a dual-use certificate and the CA that signed it
3.  Make sure the CA Trust bits are set
4.  Set the dual-use cert as the signing and encryption cert in mail settings
5.  Import a second dual-use cert with the same DN and privileges from the same CA
6.  Delete the second cert just imported into 'Your Certificates'
7.  Compose a message to foo@netscape.com
8.  Choose to digitally sign the message
9.  Click send
10. You should see a failure message.  Shutting down the client and restarting
resolves the problem.

Comment 2

[Stephane Saux]

Do you see a real world scenario where this sequence of events would happen?
How likely is it that a user would import these certs, then delete them right away?


Can you specify which certs were issued last?  Knowing this (or whether it
matters) would help in determining whether many people are going to run into
this issue.

At the moment I consider an edge case.

Comment 3

[Charles Rosendahl]

I see this on Windows, I did not see it on Mac (?).

The real problem is that in the user certs, deleting a cert does not refresh the
display or the cache.  The user cert is still displayed and a second attempt to
delete it will yield a dialog box without confirmation/cancellation buttons.

Deleting certs from the recipient tab works as expected.  The display is updated
and the cert is no longer present.

I agree what I did was not a transparent case.  At the time it was the easiest
way to reproduce the problem.

Now:
Import any two certs into your certificates.  Delete one of them.  Nothing gets
refreshed.

Comment 4

[Charles Rosendahl]

This bug is more serious than it first appeared.  The tempdb/cert cache is not
being refreshed after deletes are occurring.

Your certs:  Delete a cert - no refresh.  Delete it again, crash.

Other peoples:  Delete a cert, refresh on screen, but S/MIME tweaks.  
(separate bug - note to self) Say you had a cert for user A already, received a
new message from user A with a new cert, new cert gets added, but client still
trying to use older preexisting cert during encryption.

Authorities:  Delete a cert - no refresh.  Delete it again, same crash as above.

Incident IDs for crashes: 5283131,5275909

Comment 5

[Charles Rosendahl]

nominated nsbeta1.  Added crash,regression keywords

Comment 6

[Kai Engert (:KaiE:)]

Please test whether you still see problems, now that bug 129067 is fixed.

Comment 7

[Charles Rosendahl]

This is now fixed.  Any other problems will be addressed in new defects.

Comment 8

[Charles Rosendahl]

.