Open Bug 1121450 Opened 11 years ago Updated 1 year ago

usercertificate not fetched from address book LDAP even when using S/MIME

Categories

(MailNews Core :: Security: S/MIME, defect)

x86_64
Windows 7
defect

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: kevin, Unassigned, NeedInfo)

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
Build ID: 20141126041045

Steps to reproduce:
Address autocomplete is on, user in LDAP has a usercertificate (works with Outlook) but TB does not fetch usercertificate, selected S/MIME encryption but TB says no certificate available

Actual results:
Cannot send encrypted S/MIME mail to user without loading their certificate manually from a file (or first exchanging signed mail). Same result in tests with version 31, 34 and 37

Expected results:
TB should fetch usercertificate via LDAP and S/MIME should then work. It works using Outlook against the same LDAP directory. I tested with Exchange LDAP and with OpenLDAP directories.

Kernel: Linux 4.12.0-2-amd64
System: Debian testing (buster)
Software: Thunderbird 52.3.0-4

Setup:
* address autocompletion is on
* user has attribute userCertificate, which corresponds to a valid certificate (works with manual installation)
* encryption is enabled by default / encryption is disabled by default (either setting)
* LDAP address book is correctly configured: searching within the address book works fine (and Thunderbird fetches userCertificate, but does not seem to store it)

Steps to reproduce:
* start new message (Ctrl+N)
* type prefix of user name
* wait for a few seconds
* user address is autocompleted
* enable encryption (Security menu > Encrypt this message)

Expected behavior:
* user certificate for encryption should be set up
* in security information, encrypted should show "Yes"
* sent mail should be encrypted

Actual behavior:
* no certificate is added
* encryption is impossible (status is "Not found")
* mail cannot be sent encrypted

Comments:
* starting a new message by right clicking on the contact after a search in the address book does not work either: Thunderbird does fetch userCertificate during the search, but discards it

Attachment #8548883 - Attachment mime type: text/x-log → text/plain
It seems to me TB fetches the certificates from LDAP only when the message is sent OR if you go into View->Message security info. The code in that cert checking dialog is fetching the "usercertificate;binary" attribute from the server. Can you tell which of these cases is failing?
Flags: needinfo?(quentin.santos)
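
A way to check what the directory itself returns for a recipient, independent of the mail client (an added example, not part of the bug report or of Thunderbird's code): it parses LDIF text, such as saved ldapsearch output, and reports per mail address whether a plausible DER blob came back in userCertificate, with or without the ;binary option. The function names, the sample entries and the placeholder blob are constructed for illustration.

```python
import base64

def parse_ldif(text):
    """Return a list of entries; each entry is a list of (attribute, bytes) pairs."""
    # RFC 2849: a line that starts with one space continues the previous line.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in unfolded.split("\n\n"):
        entry = []
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            is_b64 = value.startswith(":")   # "attr:: <base64>" vs "attr: <text>"
            data = base64.b64decode(value[1:].strip()) if is_b64 else value.strip().encode()
            entry.append((name.lower(), data))
        if entry:
            entries.append(entry)
    return entries

def is_der_sequence(blob):
    """Sanity check only: outer tag is SEQUENCE and its length spans the whole blob."""
    if len(blob) < 2 or blob[0] != 0x30:
        return False
    if blob[1] < 0x80:                       # short-form length
        return len(blob) == 2 + blob[1]
    n = blob[1] & 0x7F                       # long form: n length octets follow
    if n == 0 or len(blob) < 2 + n:
        return False
    return len(blob) == 2 + n + int.from_bytes(blob[2:2 + n], "big")

def cert_status(ldif_text):
    """Map each mail address to the number of plausible certificates returned for it."""
    status = {}
    for entry in parse_ldif(ldif_text):
        # Attribute names are case-insensitive and may carry options such as ";binary".
        certs = [d for n, d in entry
                 if n.split(";")[0] == "usercertificate" and is_der_sequence(d)]
        for n, d in entry:
            if n == "mail":
                status[d.decode().lower()] = len(certs)
    return status

# Constructed sample: the blob is a DER-shaped placeholder, not a real certificate.
FAKE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
_B64 = base64.b64encode(FAKE_DER).decode()
_FOLDED = "\n ".join(_B64[i:i + 60] for i in range(0, len(_B64), 60))
SAMPLE_LDIF = ("dn: cn=Alice,dc=example,dc=org\nmail: alice@example.org\n"
               f"userCertificate;binary:: {_FOLDED}\n\n"
               "dn: cn=Bob,dc=example,dc=org\nmail: bob@example.org\n")
```

An address that maps to 0 means the directory answer carried no usable certificate for it, so the problem is on the server or query side rather than in the client.
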
Solved: the userCertificate is only fetched from the LDAP directory when AutoComplete is enabled. If you look up a user by searching in AddressBook then S/MIME does not work if AutoComplete is not also turned on and looking at the same LDAP directory.

The troubleshooting had also been hindered by the fact that the search filter is quite complex and the search (against our Active Directory of several hundred thousand users) was timing out. I avoided that timeout by changing the preference to a much simpler search query filter:

mail.addr_book.quicksearchquery.format;(o(LastName,c,@V)(PrimaryEmail,c,@V))

For solving the complex LDAP search query you may support bug 1277195.
See Also: → 1277195
Component: Untriaged → Security
Component: Security → Security: S/MIME
Product: Thunderbird → MailNews Core
Version: 37 Branch → 37
Severity: normal → S3