Open
Bug 525068
Opened 15 years ago
Updated 2 years ago
Expired certificates conflicts prevent message encryption
Categories
(MailNews Core :: Security: S/MIME, defect)
Tracking
(Not tracked)
NEW
People
(Reporter: danosaure+mozilla, Unassigned)
Details
(Whiteboard: [psm-smime])
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
Build Identifier: version 2.0.0.23 (20090812)

When importing a new certificate from one person, it is not possible to encrypt any message to that person unless we delete all expired certificates from that person. I can delete those expired certificates, restart TB, open a message with the latest unexpired certificate and I can encrypt emails to that person.

This is ok, but it becomes a problem if that person is myself, or one of the other email addresses I have. I cannot send an encrypted email to another of my emails if I have expired certificates. I cannot delete those expired certificates since I need them to decrypt old crypted emails.

Reproducible: Always

Steps to Reproduce:
1. Have an expired certificate for your email.
2. Import a new certificate with the same email.
3. Compose
4. Type your email
5. Click on "Security" -> "View Security Info".

Actual Results:
Recipient shows "your email". Status: Not found

Expected Results:
Show "Found", Issued date and expires date.
Updated•15 years ago
Assignee: nobody → kaie
Component: Message Compose Window → Security: PSM
Product: Thunderbird → Core
QA Contact: message-compose → psm
Version: unspecified → 1.8 Branch
Comment 1•14 years ago
Mass change owner of unconfirmed "Core:Security UI/PSM/SMime" bugs to nobody. Search for kaie-20100607-unconfirmed-nobody
Assignee: kaie → nobody
Comment 2•14 years ago
This problem may be related to the "hidden S/Mime profile". Each time you display and read a signed S/Mime message from the same sender email address, the NSS database will remember the preferred encryption certificate which has been listed inside the signed message. Simply importing a certificate into cert manager will not update that hidden profile.

Try to send a signed email to yourself, using the new preferred cert; this might enable you to send an encrypted message afterwards. Does this work for you?
Whiteboard: [psm-smime]
I am not sure what you are asking me to do...

I can:
- send signed email from A@B.C to X@Y.Z
- send signed and encrypted email from A@B.C to X@Y.Z
- read signed email on X@Y.Z from A@B.C
- read signed and encrypted on X@Y.Z from A@B.C
- send signed email from X@Y.Z to A@B.C

I cannot (even if I can read signed email from A@B.C to X@Y.Z):
- send signed and encrypted email from X@Y.Z to A@B.C
- send encrypted email from X@Y.Z to A@B.C
- send signed and encrypted email from X@Y.Z to X@Y.Z

If not any of these combinations, can you specify to me what order you want me to test?

I have tested with TB 3.0.5, and just downloaded and tested with 3.1. Same results.

Also, funny thing, I just noticed that this also prevents me from saving to draft if I've checked Encrypt.
Comment 4•14 years ago
I can confirm this bug also exists in TB 3.0.6 (Linux). It does not help to send a signed email (with the new, valid certificate) to force the sender to use the new certificate.
Comment 5•14 years ago
Confirmed here too.
Updated•14 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 6•14 years ago
I have exactly the same problem here. We are migrating from one CA to another. Users have certs from the old CA and from the new one. But Thunderbird always chooses the first known certificate, even if this certificate is expired (the one from the old CA). The only known workaround is to delete expired certificates from the certificate store. This is very painful because users are exchanging certificates as they expire...

I believe this is a duplicate of #495655 and #531073.

I tested this with Thunderbird 3.1.6 on Linux.
I can confirm that behaviour for Thunderbird 3.1.4 to 3.1.6 on Windows as well. Seems to be platform independent.
Component: Security: PSM → Security: S/MIME
Product: Core → MailNews Core
Updated•2 years ago
Severity: normal → S3
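The selection behaviour reported in Comment 6 (the first known certificate for an address wins, even when expired) next to a validity-aware choice, as an added example that is not Thunderbird or NSS code. The `Cert` record, function names, serials and dates are constructed for illustration; the addresses follow the thread's X@Y.Z placeholder.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    email: str
    serial: str                 # constructed sample value
    not_before: datetime
    not_after: datetime
    can_encrypt: bool = True    # stands in for a key-encipherment usage check

    def valid_at(self, when):
        return self.not_before <= when <= self.not_after

def first_known(store, email):
    """Behaviour reported in the thread: first stored match wins, expiry ignored."""
    return next((c for c in store if c.email.lower() == email.lower()), None)

def pick_recipient_cert(store, email, when):
    """Validity-aware choice: only usable certs, most recently issued first."""
    usable = [c for c in store
              if c.email.lower() == email.lower()
              and c.can_encrypt and c.valid_at(when)]
    # None maps to the "Not found" status in View Security Info.
    return max(usable, key=lambda c: c.not_before, default=None)

def decryption_candidates(store, email):
    """Expired certs are kept: their keys are still needed to read old mail."""
    return [c for c in store if c.email.lower() == email.lower()]

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed store: expired old-CA cert imported before the new-CA cert.
STORE = [
    Cert("x@y.z", "OLD-01", utc(2008, 1, 1), utc(2009, 1, 1)),
    Cert("x@y.z", "NEW-02", utc(2009, 9, 1), utc(2010, 9, 1)),
]
NOW = utc(2009, 10, 28)  # constructed send time

if __name__ == "__main__":
    legacy = first_known(STORE, "X@Y.Z")
    print("first-known:", legacy.serial, "valid now:", legacy.valid_at(NOW))
    print("validity-aware:", pick_recipient_cert(STORE, "X@Y.Z", NOW).serial)
    print("kept for decryption:",
          [c.serial for c in decryption_candidates(STORE, "X@Y.Z")])
```

The point of the split is that encryption needs one currently valid certificate while decryption needs every certificate ever issued for the address, so deleting expired entries should not be required to make the first case work.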