Closed
Bug 106812
Opened 23 years ago
Closed 23 years ago
Can't send an encrypted msg to whom has sent a signed msg
Categories
(MailNews Core :: Security: S/MIME, defect, P1)
Tracking
(Not tracked)
VERIFIED
WORKSFORME
psm2.2
People
(Reporter: alam, Assigned: KaiE)
References
Details
Attachments
(1 file)
4.54 KB,
image/gif
|
Details |
Build: 2001-10-24-14-OTIS commercial build. If User A sent a sign msg to User B, User B is not able to send an encrypted msg back to User A. Step to reproduce: 1) From User A account, send a sign msg to User B 2) User B read the sign msg and the User A cert is store in "Other Peoples" CertDB 3) Try to send an encrypted msg from User B account to User A It failed and give the error message "Sending of message failed" (I will provide the screenshot later) Note: If I add the recipient cert from the netscape phonebook, it worked fine.
Reporter | ||
Comment 1•23 years ago
|
||
Reporter | ||
Comment 2•23 years ago
|
||
cc kaie
Assignee | ||
Comment 3•23 years ago
|
||
David just checked in a fix to the otis test branch, I tested it and it works now for me. Please allow some time for rebuild and retest with the next otis test build. When you retest, be sure you first delete the certs you received in previous sessions, as during receiving a special flag is now added to the cert database that makes it work. (However, what is left to be done: We should give a better error dialog in case sending fails because certificate was not found, but that is probably a different bug.)
Updated•23 years ago
|
Priority: -- → P1
Target Milestone: --- → 2.2
Reporter | ||
Comment 4•23 years ago
|
||
Tried with 2001-11-13-09 trunk build on NT, and the problem still existed. I am getting the same error message: "Sending of message failed" (See attachment above).
Reporter | ||
Comment 5•23 years ago
|
||
Couple more things: 1) It seems that it is not working for dual-key certs only. It worked fine with single dual-purpose certificate though. For example, if an user used dual-key certs to sign the message, then the recipient is NOT able to reply the sender with an encrypted message. However, if an user used a single dual-purpose cert to sign the message, the recipient is able to send back an encrypted message to the sender. 2) For the testing in item one, I checked the "Aways encrypt" checkbox in the Secure Mail pref in the Mail Account setting, since the Option|Security menu option is still missing in the 2001-11-13-09 trunk build. Other than that, the steps should be the same as I described above. (Not sure that will make the difference).
Reporter | ||
Updated•23 years ago
|
Component: Client Library → S/MIME
Assignee | ||
Comment 7•23 years ago
|
||
The fact that it only happens in a dual-cert environment, makes me believe, that on signing the wrong "own" certificate gets attached. If the signing cert is attached, the other side will not be able to encrypt, because usage does not allow that. We must make sure that the encryption cert is attached. Assigning to myself.
Assignee: ddrinan → kaie
Comment 8•23 years ago
|
||
I'm pretty sure the right certs get attached. Are you sure this is still happening? I can work with you by setting new profile, you send me a signed email, I respond with encrypted.
Assignee | ||
Comment 9•23 years ago
|
||
Our code needs to be extended. Currently, only signing a message results in a certificate being attached. It is the signing cert that gets attached. If we send an encrypted message, self's encryption cert must be attached. Our code must attach both certificates if self uses dual-certs, but should include it only once if a single cert is used for both purposes. In addition, I think now the time has come to extend the general certificate picker and configuration storage code that identifies a cert using values stored in preferences.
Assignee | ||
Comment 10•23 years ago
|
||
Stephane, due to the last paragraph in my previous comment, and the fact that our dual-certs use the same nickname, it might happen that accidentially the wrong cert get's attached.
Comment 11•23 years ago
|
||
Kai: nsMsgComposeSecure.cpp:666 rv = cinfo->CreateSigned(mSelfSigningCert, mSelfEncryptionCert, sec_item_data, sec_item_len); mSelfSigningCert and mSelfEncryptionCert are set in the code I just fixed. Before that fix, it could happen that the cert was not found. In: nsCMS.cpp:324 on is where the certs are attached, and they appears to be.
Updated•23 years ago
|
QA Contact: junruh → alam
Comment 12•23 years ago
|
||
works for me buildId 2002010703 Win2000
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
Reporter | ||
Comment 13•23 years ago
|
||
Tested with 2002011103 build, I still got the same problem. I have confirmed that the sender's encryption cert is stored in the certDB, and both the Intranet Certificate Authority and GTE Cyber Trust Root CAs are trusted for mail user. I am getting the following error message when try to send an encrypted mail: Sending of message failed You requested to encrypt this message, but the application failed to find an encryption cert for sectest@netscape.com
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Reporter | ||
Comment 14•23 years ago
|
||
If I migrate from previous 4.7 profile (where there is other person's encrypting cert) to current mozilla build, I am able to send the person an encrypted message. But I can't send an encrypted msg to who has sent me a signed message with dual-key certs.
Comment 15•23 years ago
|
||
S/MIME bugs are automatically nsbeta1 candidates. (this is a bulk update - there may be some adjustment of the list).
Keywords: nsbeta1
Assignee | ||
Comment 16•23 years ago
|
||
Antonio, now that we have landed NSS 3.4, can you please repeat the tests? I just tested, and it worked for me. Please reopen the bug if you still see problems.
Status: REOPENED → RESOLVED
Closed: 23 years ago → 23 years ago
Resolution: --- → WORKSFORME
Reporter | ||
Comment 17•23 years ago
|
||
Confirmed and verified with today's trunk build (20020212).
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•