Closed Bug 1366630 Opened 7 years ago Closed 7 years ago

Mail signing with certificate fails in 52.1.1

Categories

(Thunderbird :: Security, defect)

52 Branch
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1366228

People

(Reporter: ag.moz, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0
Build ID: 20170504105526

Steps to reproduce:

1. Get a certificate from StartCom for email signing
2. Import it into Thunderbird
3. Create a new email message using the above email with digital signing enabled
4. Send it

Issuer:
CN = StartCom Class 1 Client CA
OU = StartCom Certification Authority
O = StartCom Ltd.
C = IL

Certificate Key Usage:
Critical
Signing
Key Encipherment

Extended Key Usage:
Not Critical
TLS Web Client Authentication (1.3.6.1.5.5.7.3.2)
E-mail protection (1.3.6.1.5.5.7.3.4)

Authority Information Access:
Not Critical
OCSP: URI: http://ocsp.startssl.com
CA Issuers: URI: http://aia.startssl.com/certs/sca.client1.crt



Actual results:

Mail fails to send; the following error message appears:

Sending of the message failed.
Unable to sign message. Please check that the certificates specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail.

Also, in about:config, the mail.identity.idxx.encryption_cert_dbkey and mail.identity.idxx.signing_cert_dbkey values are removed for the account.



Expected results:

Mail successfully sends
Component: Untriaged → Security
Yep. StartCom certificates no longer work, see bug 1366228 and
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
Also, bug 1364339.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
I have the same problem; my certificate was issued for free by Comodo. This year it is an RSA certificate; the old cert was SHA something. And it is not working either.

The error message is the same.

I have this problem with 2 accounts/2 certificates.

Portuguese Message (for reference):

Não foi possível salvar sua mensagem como rascunho.
Não foi possivel assinar a mensagem. Por favor, certifique-se de que os certificados especificados nas opções de “Configurar contas” para esta conta são válidos e considerados confiáveis.

Sending of the message failed.
Unable to sign message. Please check that the certificates specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail.