Mail signing with certificate fails in 52.1.1

RESOLVED DUPLICATE of bug 1366228

Status

Thunderbird
Security
RESOLVED DUPLICATE of bug 1366228
a year ago
a year ago

People

(Reporter: ag.moz, Unassigned)

Tracking

52 Branch

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

a year ago
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0
Build ID: 20170504105526

Steps to reproduce:

1. Get a certificate from StartCom for email signing
2. Import it into Thunderbird
3. Create a new email message using the above email with digital signing enabled
4. Send it

Issuer:
CN = StartCom Class 1 Client CA
OU = StartCom Certification Authority
O = StartCom Ltd.
C = IL

Certificate Key Usage:
Critical
Signing
Key Encipherment

Extended Key Usage:
Not Critical
TLS Web Client Authentication (1.3.6.1.5.5.7.3.2)
E-mail protection (1.3.6.1.5.5.7.3.4)

Authority Information Access:
Not Critical
OCSP: URI: http://ocsp.startssl.com
CA Issuers: URI: http://aia.startssl.com/certs/sca.client1.crt



Actual results:

Mail fails to send, following error message appears:

Sending of the message failed.
Unable to sign message. Please check that the certificates specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail.

Also, in about:config, the mail.identity.idxx.encryption_cert_dbkey mail.identity.idxx.signing_cert_dbkey values are removed for the account.



Expected results:

Mail successfully sends

Updated

a year ago
Component: Untriaged → Security

Comment 1

a year ago
Yep. StartCom certificates no longer work, see bug 1366228 and
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
Also, bug 1364339.
Status: UNCONFIRMED → RESOLVED
Last Resolved: a year ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1366228

Comment 2

a year ago
I have the same problem, my certificate was free issued by Comodo. This year is a RSA certificate, the old cert was SHA something. And it is not working too.

The error message is the same.

I have this problem with 2 accounts/2 certificates.

Portuguese Message (for reference):

Não foi possível salvar sua mensagem como rascunho.
Não foi possivel assinar a mensagem. Por favor, certifique-se de que os certificados especificados nas opções de “Configurar contas” para esta conta são válidos e considerados confiáveis.

Sending of the message failed.
Unable to sign message. Please check that the certificates specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail.
You need to log in before you can comment on or make changes to this bug.