Closed
Bug 136469
Opened 23 years ago
Closed 22 years ago
OCSP Settings cause confusion during encryption of message
Categories
(MailNews Core :: Security: S/MIME, defect)
Tracking
(Not tracked)
VERIFIED
DUPLICATE
of bug 183990
Future
People
(Reporter: carosendahl, Assigned: ssaux)
Using the Intranet CA, signed by GTE Cybertrust Root CA, both of which have been
marked as trusted for all uses.
Change preferences->Privacy&Security->Validation "Use OCSP to validate only
certificates that specify an OCSP URL", which the Intranet CA does. I do not
know the value of the URL however. The details spit out a bunch of hex values
for the extension.
All certs issued by the CA then become invalid.
There is confusion for the following reasons:
1. All CA certs in the chain have been marked as trusted.
2. The viewing of the certificate details displays the following text:
"The certificate has been verified for the following uses:"
with an empty list of privileges.
3. The security info dialog in the composition window displays all certs signed
by the intranet CA as invalid.
The message is encrypted (Do not check signing). This is slightly different than
bug 136459 in that if the cert is invalid, then you should not be able to
encrypt with it.
There needs to be a better error message indicating that:
- OCSP is being used instead of trust bits (which I believe is correct to override)
- The certificate is valid, but it is valid for nothing (!)
- Errors related to interacting with OCSP services.
This bug is related to bug 136459, but yet a different bug.
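The description above notes that the certificate details show the extension only as hex, so the OCSP URL stays unknown. As an added example (not part of the original bug report or of Mozilla's code), this Python code decodes the DER value of an Authority Information Access extension and lists the OCSP responder URLs it names; the sample bytes and the example.test URLs are constructed placeholders.

```python
OCSP_OID = bytes.fromhex("2b06010505073001")   # 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER element runs past end of input")
    return tag, buf[pos:end], end

def ocsp_urls(aia_der):
    """Extract URI access locations whose access method is id-ad-ocsp."""
    tag, seq, end = read_tlv(aia_der, 0)
    if tag != 0x30 or end != len(aia_der):
        raise ValueError("not a single DER SEQUENCE")
    urls, pos = [], 0
    while pos < len(seq):
        tag, desc, pos = read_tlv(seq, pos)          # AccessDescription
        if tag != 0x30:
            raise ValueError("expected AccessDescription SEQUENCE")
        m_tag, method, nxt = read_tlv(desc, 0)       # accessMethod OID
        l_tag, location, _ = read_tlv(desc, nxt)     # accessLocation GeneralName
        if m_tag == 0x06 and method == OCSP_OID and l_tag == 0x86:  # [6] URI
            urls.append(location.decode("ascii"))
    return urls

def build_sample():
    """Constructed AIA value: one OCSP entry, one caIssuers entry (placeholder URLs)."""
    def tlv(tag, val):                     # short-form lengths only (sample is < 128 bytes)
        return bytes([tag, len(val)]) + val
    ocsp = tlv(0x30, tlv(0x06, OCSP_OID) + tlv(0x86, b"http://ocsp.example.test/"))
    issuers = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010505073002"))
                  + tlv(0x86, b"http://ca.example.test/ca.crt"))
    return tlv(0x30, ocsp + issuers)

if __name__ == "__main__":
    print(build_sample().hex(), ocsp_urls(build_sample()))
```

The input is the extension value itself, that is, the bytes inside the extension's OCTET STRING wrapper.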
Assignee
Updated • 23 years ago
Target Milestone: --- → Future
Reporter
Comment 1 • 22 years ago
This bug is no longer valid - it is, but it is stale. Refer to bug 183990.
*** This bug has been marked as a duplicate of 183990 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE