Closed
Bug 79318
Opened 23 years ago
Closed 23 years ago
0.9/daily build does not have root CA certificates.
Categories
(Core Graveyard :: Security: UI, defect, P1)
Tracking
(Not tracked)
VERIFIED
FIXED
psm2.0
People
(Reporter: mrsam, Assigned: blizzard)
References
Details
Attachments
(3 files)
Both 0.9 and latest daily build on Linux/i386/RH7-RPMs appear to have lost all the root certificates. Loading any https site results in mozilla complaining that it doesn't recognize the root certificate authority, and psm's root ca dialog is completely blank. Additionally, the 'unknown root ca' dialog is too small, and about 60% of it is cut off. Resizing the dialog (Gnome/Gtk/Sawfish) fails to refresh the exposed portion of the dialog. Since the Ok/Cancel buttons are not being exposed, there's no way to close the dialog, and it must be cancelled. End result: effectively https is completely disabled. No root certificates, no way to get mozilla to accept an unvalidated certificate.
Reporter | ||
Comment 1•23 years ago
|
||
Reporter | ||
Comment 2•23 years ago
|
||
Reporter | ||
Comment 3•23 years ago
|
||
I should also mention that mozilla here is configured to go through a proxy for both http and https.
Comment 4•23 years ago
|
||
See also bug 75615 and its dependecies
Assignee: mstoltz → ddrinan
Status: UNCONFIRMED → NEW
Component: Security: General → Client Library
Ever confirmed: true
Product: Browser → PSM
QA Contact: ckritzer → junruh
Version: other → 2.0
Comment 5•23 years ago
|
||
I don't see a lack of CA's in the list. Try setting up a new profile. type ./mozilla -ProfileManager or ./mozilla -help
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
Reporter | ||
Comment 6•23 years ago
|
||
Creating new profile makes no difference whatsoever. Still must use 041017 in order to use https. Tried both with/without proxy, no difference.
Comment 7•23 years ago
|
||
I am seing a very similar thing. I am using Mozilla 0.9 RH 6x RPMs on RedHat 6.2 + all updates. - For every new secure site I visit, I get the "Unknown CA" dialog. - After I accept the certificate, the "closed lock" icon would say "Signed by Verisign, Inc" or similar. - If I remove cert7.db, it is created empty - Clicking the "closed lock" icon or going to Tasks -> Privacy and Security -> PSM does not do anything - The "Security" tag of the "Page info" dialog is always blank.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Comment 8•23 years ago
|
||
Copying ~/.netscape/cert7.db created by N4 into the Mozilla profile directory hides the problem. IMHO, this means that Mozilla 0.9 does not have a problem with using the correct CA when they are present in cert7.db, but it is uncapable of adding proper CAs itself.
Severity: normal → major
Keywords: 4xp
Reporter | ||
Comment 9•23 years ago
|
||
Mozilla doesn't add the default root CA certs explicitly into cert7.db (unlike Netscape), it pulls them directly from PSM. Running 2001041017 build (last build I reliably used where SSL over a Socks5 proxy works): cert7.db is empty, mozilla validates root certs correctly, using the default root CA list compiled into PSM. Looks like .9/dailies are not reading the default cert list from psm. Copying the default root certs from NS4's cert7.db is a workaround.
Comment 10•23 years ago
|
||
Is this related to bug #59161 ?
Reporter | ||
Comment 11•23 years ago
|
||
Verified problem still exists as if 2001052819. Additionally, if the SSL certificate is manually accepted, "Certificate Details" lists "Unknown Issuer" for the certificate authority.
Reporter | ||
Comment 12•23 years ago
|
||
Comment 13•23 years ago
|
||
BTW, if the "copy cert7.db from N4" workaround is used, the Security Details has all the information.
Assignee | ||
Comment 15•23 years ago
|
||
This is actually an RPM spec file bug. I fixed this just this morning. I'm re-spinning builds now.
Assignee: ddrinan → blizzard
Status: REOPENED → NEW
Assignee | ||
Comment 16•23 years ago
|
||
This is fixed starting with the 0.9.1-pre2 rpms and will be in the next daily rpm.
Status: NEW → RESOLVED
Closed: 23 years ago → 23 years ago
Resolution: --- → FIXED
Comment 17•23 years ago
|
||
Verifying - with mozilla pre0.9.1-2_rh7 RPMs I now see "Builtin Roots Module" in Device Manager and I no longer have "unknown root CA" problem.
Status: RESOLVED → VERIFIED
Assignee | ||
Comment 18•23 years ago
|
||
*** Bug 81429 has been marked as a duplicate of this bug. ***
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•