Open Bug 1364339 Opened 7 years ago Updated 2 years ago

S/MIME signed e-mail impossible with StartCom cert, even after editing trust to the root-certificate, results in error

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Version:
54 Branch
Type:
defect

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: mdavids, Unassigned)

Details

(Keywords: regression) 

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36

Steps to reproduce:

Earlybird 54.0a2 (2017-05-10) on OSX 10.12.4
S/MIME Cert issued by StartCom CC ICA (intermediate) StartCom Certification Authority ECC (root)
Edit trust to the root-certificate, set it to full (selected all three options)
Trying to send S/MIME send e-mail


Actual results:

Mail is not send, error occurs:

Sending of the message failed.
You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired.

Console says:
NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIMsgComposeSecure.beginCryptoEncapsulation]  mimeEncrypt.js:137



Expected results:

Expected result is that message is send without problems. I am aware that it concerns a StartCom-cert, however I doubt if that is the cause of the problem because: 

1) I edit the trust, set it to full, cert show up as 'verified' in certificate manager.
2) Thunderbird 52.1.0 (64-bit) has no issues, mail is send without problems
3) When received, the S/MIME signature is accepted in Earlybird 54.0a2. So it does not show an error on the receiving side
Component: Untriaged → Security
Keywords: regression
Summary: S/MIME signed e-mail impossible, results in error → S/MIME signed e-mail impossible with StartCom cert, even after editing trust to the root-certificate, results in error

exactly same problem occuring to my thunderbird 91.4.0 / fedora 35
unable to send (and receive) s/mime messages (with valid certificate).

2 errors in the log window:

mailnews.send:
Exception { name: "NS_ERROR_FAILURE", message: "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIMsgComposeSecure.beginCryptoEncapsulation]", result: 2147500037, filename: "resource:///modules/MimeMessage.jsm", lineNumber: 457, columnNumber: 0, data: null, stack: "_startCryptoEncapsulation@resource:///modules/MimeMessage.jsm:457:25\n_writePart@resource:///modules/MimeMessage.jsm:502:12\n", location: XPCWrappedNative_NoHelper }
​columnNumber: 0
​data: null
​filename: "resource:///modules/MimeMessage.jsm"
​lineNumber: 457
​location: XPCWrappedNative_NoHelper { QueryInterface: QueryInterface(), filename: Getter, name: Getter, … }
​message: "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIMsgComposeSecure.beginCryptoEncapsulation]"
​name: "NS_ERROR_FAILURE"
​result: 2147500037
​stack: "_startCryptoEncapsulation@resource:///modules/MimeMessage.jsm:457:25\n_writePart@resource:///modules/MimeMessage.jsm:502:12\n"
​<prototype>: ExceptionPrototype { toString: toString(), name: Getter, message: Getter, … }

mailnews.send: Sending failed; , exitCode=2147500037, originalMsgURI= MessageSend.jsm:321:27
fail resource:///modules/MessageSend.jsm:321
createAndSendMessage resource:///modules/MessageSend.jsm:130

Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.