Open Bug 1919271 Opened 4 months ago Updated 4 months ago

Cannot send encrypted mail to user with S/MIME certificate from "Deutsche Telekom AG secure email CA E05"

Categories

(MailNews Core :: Security: S/MIME, defect)

Thunderbird 128
defect

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: falko.strenzke, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0

Steps to reproduce:

I am currently using 128.2.0esr (64-Bit) on Debian 11.

I have in the Thunderbird certificate store the certificates:

  • "Deutsche Telekom AG secure email CA E05" (Subject Key ID 45:EF:6F:A8:A7:9A:E4:EB:CA:CC:5E:4F:A0:5A:95:B2:F5:9A:10:20)
  • and its issuer "T-TeleSec GlobalRoot Class 2" (Subject Key ID BF:59:20:36:00:79:A0:A0:22:6B:8C:D5:F2:61:D2:B8:2C:CB:82:4A)

I have two contacts who each have a valid S/MIME certificate issued by "Deutsche Telekom AG secure email CA E05". I try to encrypt an email to either of these contacts.

Actual results:

I cannot encrypt mails to these recipients. When I try, the GUI shows that no certificate is found for that recipient.

Expected results:

The certificate should have been found as valid. All my colleages don't seem to have a problem with these certificates. They are mostly working with Thunderbird on Windows.

Component: Untriaged → Security: S/MIME
Product: Thunderbird → MailNews Core

You say it's broken with Thunderbird on Debian,
but it's working with Thunderbird on Windows?

That it works under Windows is my conjecture because my colleages who are using Thunderbird on Windows don't seem to have that problem. But it might of course also be a subtle configuration problem on my system. I will try to find another colleage who uses Thunderbird on Linux to see if they have the same problem with those certificates. I will get back to you with more information.

We made some further tests now:

  • On a Debian 10 system with Thunderbird 128 the same error occurs for the affected certificate.
  • On an OpenSUSE Tumbleweed system with Thunderbird 115.15.0 the encryption to the certificate works (at least no error is shown in the compose window)

Also I recall that "up to some point" the same certificate worked on my system as well. Most likely that point was the update to Thunderbird 128.

Would it help if I sent you one of the affected certificates? Then I would ask the certificate holders if they agree to sharing the certificate with you. I would send it to you on a private channel in that case.

(In reply to Falko Strenzke from comment #3)

Would it help if I sent you one of the affected certificates? Then I would ask the certificate holders if they agree to sharing the certificate with you. I would send it to you on a private channel in that case.

yes please

You need to log in before you can comment on or make changes to this bug.