Closed Bug 79318 Opened 23 years ago Closed 23 years ago

0.9/daily build does not have root CA certificates.

Categories

(Core Graveyard :: Security: UI, defect, P1)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Platform:
x86
Linux
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
psm2.0

People

(Reporter: mrsam, Assigned: blizzard)

References

Details

Attachments

(3 files)

PSM: all the root CAs are gone.
5.22 KB, image/png
Details
https://sourceforge.net - unknown root CA dialog, then the dialog does not refresh when it is being resized, resulting in this visual garbage.
17.50 KB, image/png
Details
Security Details dialog in 2001052819 for https://sourceforge.net
13.26 KB, image/png
Details 
Both 0.9 and latest daily build on Linux/i386/RH7-RPMs appear to have lost all
the root certificates.  Loading any https site results in mozilla complaining
that it doesn't recognize the root certificate authority, and psm's root ca
dialog is completely blank.

Additionally, the 'unknown root ca' dialog is too small, and about 60% of it is
cut off.  Resizing the dialog (Gnome/Gtk/Sawfish) fails to refresh the exposed
portion of the dialog.  Since the Ok/Cancel buttons are not being exposed,
there's no way to close the dialog, and it must be cancelled.

End result: effectively https is completely disabled.  No root certificates, no
way to get mozilla to accept an unvalidated certificate.

    
    

    
  
I should also mention that mozilla here is configured to go through a proxy for
both http and https.



    
    

    
  
See also bug 75615 and its dependecies
Assignee: mstoltz → ddrinan
Status: UNCONFIRMED → NEW
Component: Security: General → Client Library
Ever confirmed: true
Product: Browser → PSM
QA Contact: ckritzer → junruh
Version: other → 2.0

    
    

    
  
I don't see a lack of CA's in the list. Try setting up a new profile.
type ./mozilla -ProfileManager or ./mozilla -help
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME

    
    

    
  
Creating new profile makes no difference whatsoever.  Still must use 041017 in
order to use https.  Tried both with/without proxy, no difference.  



    
    

    
  
I am seing a very similar thing. I am using Mozilla 0.9 RH 6x RPMs on RedHat 6.2
+ all updates.

- For every new secure site I visit, I get the "Unknown CA" dialog.
- After I accept the certificate, the "closed lock" icon would say "Signed by
Verisign, Inc" or similar.
- If I remove cert7.db, it is created empty
- Clicking the "closed lock" icon or going to Tasks -> Privacy and Security ->
PSM does not do anything
- The "Security" tag of the "Page info" dialog is always blank.

Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---

    
    

    
  
Copying ~/.netscape/cert7.db created by N4 into the Mozilla profile directory
hides the problem. IMHO, this means that Mozilla 0.9 does not have a problem
with using the correct CA when they are present in cert7.db, but it is uncapable
of adding proper CAs itself.
Severity: normal → major
Keywords: 4xp

    
    

    
  
Mozilla doesn't add the default root CA certs explicitly into cert7.db (unlike
Netscape), it pulls them directly from PSM.  Running 2001041017 build (last
build I reliably used where SSL over a Socks5 proxy works): cert7.db is empty,
mozilla validates root certs correctly, using the default root CA list compiled
into PSM.  Looks like .9/dailies are not reading the default cert list from psm.
Copying the default root certs from NS4's cert7.db is a workaround.



    
  
Target Milestone: --- → 2.0

    
    

    
  
Is this related to bug #59161 ?

    
    

    
  
Verified problem still exists as if 2001052819.

Additionally, if the SSL certificate is manually accepted, "Certificate Details"
lists "Unknown Issuer" for the certificate authority.

    
    

    
  
BTW, if the "copy cert7.db from N4" workaround is used, the Security Details has
all the information.

    
    

    
  
-> p1
Priority: -- → P1

    
    

    
  
This is actually an RPM spec file bug.  I fixed this just this morning.  I'm
re-spinning builds now.
Assignee: ddrinan → blizzard
Status: REOPENED → NEW

    
    

    
  
This is fixed starting with the 0.9.1-pre2 rpms and will be in the next daily rpm.
Status: NEW → RESOLVED
Closed: 23 years ago23 years ago
Resolution: --- → FIXED

    
    

    
  
Verifying - with mozilla pre0.9.1-2_rh7 RPMs I now see "Builtin Roots Module" in
Device Manager and I no longer have "unknown root CA" problem.
Status: RESOLVED → VERIFIED

    
    

    
  
*** Bug 81429 has been marked as a duplicate of this bug. ***

    
  
Product: PSM → Core

    
  
Version: psm2.0 → 1.0 Branch
Product: Core → Core Graveyard

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: