Open Bug 1909433 Opened 1 year ago Updated 25 days ago

S/MIME certificate configuration automatically changes to other cert

Categories

(MailNews Core :: Security: S/MIME, defect)

Product:
MailNews Core
Component:
Security: S/MIME
Version:
Thunderbird 115
Type:
defect

Tracking

(Not tracked)

People

(Reporter: KaiE, Assigned: KaiE)

References

(Blocks 1 open bug)

Details

(Whiteboard: [mailsec-broken-fixwanted])

This is an issue that I have been experiencing at various times over the past, but couldn't reliable reproduce.

I'm selecting a personal S/MIME certificate in account settings, and I see that the summary string shows the one I've just selected (identified by fingerprint).

We apparently allow selecting a certificate that isn't considered completely valid. (I don't remember why we do that. Maybe validating the full set of certs was considered to expensive in the past?)

If I'm trying to send a signed S/MIME email, but the configured certificate is considered invalid (in my scenario, the intermediate CA cert was absent), sending the email fails. That's expected and correct behavior.

However, after I restart, account settings show that a different certificate is now selected. That's wrong, unexpected and confusing.

I would like to understand why that happens, and prevent the automatic change from happening.

In my scenario, the selection switched to another certificate for the same email address.
That might have influenced the automatic change.

Version: unspecified → Thunderbird 115
Whiteboard: [mailsec-broken-fixwanted]
You need to log in before you can comment on or make changes to this bug.