Open Bug 1535546 Opened 6 years ago Updated 2 years ago

Cannot sign email if authority of certificate is unknown for Thunderbird

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Type:
defect

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: vavra, Unassigned)

Details

Attachments

(1 file)

a.png
7.06 KB, image/png
Details
Attached image a.png

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0

Steps to reproduce:

Try to create, sign and send an email.
TB version is 60.5.3, x64, Windows.

Actual results:

TB refused to sign and send the mail. An error dialog is displayed with message: TB cannot find corresponding certificate in account setup or the certificate has expired.

But nothing of it is true.
If I have had installed parent (and root) certificate of the signing certificate, TB allows me to sign it.

Expected results:

TB should import certificate path of signing certificate from p12 container or at least display another error message: I don't have full certification path ...

I assume you talk about S/MIME certificates.

IIUC TB requires that it can verify that your own certificate can be verified to be valid. This requires the root issuer CA to be available and trusted for email.

I have no problem with this requirement.
I have problem that TB didn't tell me during sending an email that the certificate must be known (its cert path available and trusted).
Or at least say this third condition in the error message.

There is an enhancement available: During certificate import should TB say that the imported signing certificate isn't trusted or import its cert path from 12 container and ask for trusting it.

Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: