Closed
Bug 265873
Opened 20 years ago
Closed 8 years ago
Verification of eMail-CA's certificate fails "for unknown reasons"
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: tiede, Unassigned)
References
Details
(Whiteboard: [kerh-coz][psm-feedback])
Attachments
(2 files)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041003 Firefox/0.10.1 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041003 Firefox/0.10.1 A certificate of an eMail-only CA (nsCertType set to "emailCA") or an object-signing-only CA (nsCertType set to "objCA") can not be verified by the certificate manager. When using eMail-certificates issued by such a CA they can not be verified even if the CA's issuer is in the store of Certification Authorities in the certificate manager. The only way to make them available is to set their trust-level manually or to import the certificate of the CA which can not be verified and set its trust-level manually. Reproducible: Always Steps to Reproduce: 1. Create a CA's certificate signing request. 2. Sign this request with a CA's certificate, making sure, that the property "nsCertType" does not include "sslCA". 3. Import the issuing CA's certificate. 4. Import the just created certificate. Actual Results: The "General"-tab of the certificate display states "Could not verify this certificate for unknown reasons" Expected Results: The "General"-tab of the certificate display should state "This certificate has been verified for the following uses: xxx Certificate Authority", where "xxx" might be something like "eMail" or "Object". The bug can be seen in Firefox 1.0PR and Thunderbird 0.8. I've first discovered this bug under Linux, but it also applies to at least WindowsXP.
Reporter | ||
Comment 1•20 years ago
|
||
This is the certificate against which the following certificate should be verified.
Reporter | ||
Comment 2•20 years ago
|
||
This is the certificate which should be automatically verified by the certificate manager and to which the bug report applies.
Comment 3•19 years ago
|
||
This is an automated message, with ID "auto-resolve01". This bug has had no comments for a long time. Statistically, we have found that bug reports that have not been confirmed by a second user after three months are highly unlikely to be the source of a fix to the code. While your input is very important to us, our resources are limited and so we are asking for your help in focussing our efforts. If you can still reproduce this problem in the latest version of the product (see below for how to obtain a copy) or, for feature requests, if it's not present in the latest version and you still believe we should implement it, please visit the URL of this bug (given at the top of this mail) and add a comment to that effect, giving more reproduction information if you have it. If it is not a problem any longer, you need take no action. If this bug is not changed in any way in the next two weeks, it will be automatically resolved. Thank you for your help in this matter. The latest beta releases can be obtained from: Firefox: http://www.mozilla.org/projects/firefox/ Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html Seamonkey: http://www.mozilla.org/projects/seamonkey/
Reporter | ||
Comment 4•19 years ago
|
||
bug is still existent in Thunderbird 1.0.6 (20050823).
Updated•19 years ago
|
Whiteboard: [kerh-coz]
Comment 5•18 years ago
|
||
This is a bug in PSM (the cert manager). It reports that the cert cannot be verified, when that may not be true. And it fails to report what problem it thinks it found. I suspect this is a duplicate of bug 289988. That is, I think this bug, and bug 289988 have the same cause, even if the certs involved were issued by different CAs. In both cases, the problem is PSM's cert validation.
Component: Security: S/MIME → Security: PSM
Updated•17 years ago
|
QA Contact: psm
Updated•17 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Updated•17 years ago
|
Attachment #163230 -
Attachment mime type: text/plain → application/x-x509-ca-cert
Updated•17 years ago
|
Attachment #163231 -
Attachment mime type: text/plain → application/x-x509-email-cert
Comment 6•16 years ago
|
||
This bug is superficially a duplicate of bug 91403, but this bug is about Thunderbird and email certs, while bug 91403 is about browsers. So I'm not marking this as a dupl But feel free to do so if you think that both issues will be resolved by the same patch.
Updated•14 years ago
|
nsCertType isn't supported.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•