S/MIME certificate does not work anymore after upgrading to 102
Categories
(MailNews Core :: Security: S/MIME, defect)
Tracking
(Not tracked)
People
(Reporter: karpitschka, Unassigned)
References
(Blocks 1 open bug)
Details
Steps to reproduce:
I had an S/MIME certificate installed and used frequently in Thunderbird 91. Then upgraded to Thunderbird 102, everything standard.
Actual results:
When trying to send a digitally signed message, I get a Message Box "Senden der Nachricht fehlgeschlagen.
Kann Nachricht nicht signieren. Bitte überprüfen Sie, ob die Zertifikate, die für dieses Konto in den Konten-Einstellungen angegeben sind, für E-Mail gültig und vertrauenswürdig sind."
(Sending failed, can't sign message, please check if certificates are valid and trusted)
The certificate is valid and trusted. After deleting it from the S/MIME certificate manager, and importing it again into the certificate manager, I can send the message with the signature. After a while, it stops working again, and I have to delete and import the certificate again to make it work again. The bug seems to be triggered by time passing by, I can also send a few emails directly after one another. I can also close and open the software and send more emails, if done fast enough. It only stops working after some time interval.
Expected results:
Sending a signed email with my valid S/MIME certificate
Updated•3 years ago
Comment 1•3 years ago
Stefan,
this bug report is likely the same root cause as my bug https://bugzilla.mozilla.org/show_bug.cgi?id=1777336.
Could you check if the timing of the failure to sign correlates with the disappearance of an intermediate CA certificate imported along with the personal S/MIME certificate?
Jeffrey,
the bug appears about 2 minutes (1:40 to 2:20) after importing the certificate. When viewing the certificate in Thunderbird, there are four "tabs" at the top, first is me, then three CAs, last of which is T-TeleSec GlobalRoot Class 2. This always looks identical, no matter whether within the first two minutes, or after. Validity dates of the intermediate CAs are all ok. Let me know if I can do further tests/checks.
Ok, just checked again: The first intermediate CA does not disappear from my certificate, but it does disappear from the list of CAs.
Comment 4•3 years ago
Do you have any add-ons installed that are related to certificates, like better viewers, expiration reminders, etc.? Anything on your system that is related to Thunderbird, but isn't installed by default, and could be (accidentally) responsible for removing intermediates?
No, I don't have any add-ons, just plain Thunderbird 102. Also I don't have anything on my system that would be related to Thunderbird, apart from Avast Anti Virus maybe. If I disable Avast, the problem persists.
Comment 6•3 years ago
This is the same as bug 1777336, which is now understood, and we have a workaround. See bug 1777336 comment 43.