Closed
Bug 243738
Opened 20 years ago
Closed 8 years ago
Unable to use Certificate for Signing / Encryption when it contains special characters ÄÖÜ
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: r.kraenzlein, Unassigned)
Details
(Whiteboard: [kerh-coz])
Attachments
(3 files)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113 Mozilla refuses to use a certificate, if the owners name contains any 'Umlaute'. I tried a trustcenter.de certificate. When I deleted the certificate and created a new one without дьц, it worked correctly. The problem seems to be with the account manager, cause I use one certificate with 'д' for a very long time and it works, but I am not able to select a certificate for a new E-Mail adress with 'д' in it. Reproducible: Always Steps to Reproduce: 1. Create a Mail Certificate. e.g. at trustcenter.de with an дьц-character in Owners Name 2. Install Certificate 3. At the Account Setting for the specific E-Mail adress select the certificate for signing an encryption 4. Try to send an signed or encrypted E-Mail Actual Results: The E-Mail isn't signed or encrypted Expected Results: Sign / Encryp the outgoing Mail - It is quiete easy to get a Workaround by getting a new Certificate if you know why it doesn't work. The Problem is with certificates e.g. given out by a bank or government, because they refuse to change the owners name. - The bug is the same with Win 98
Comment 1•20 years ago
|
||
My name contains the common Danish character ø and Mozilla refuses to sign my messages and return this error: "Sending of message failed: You specified that this message should be digitally, but the application either failed to find an encryption certificate to include in the signed message, or the certificate has expired" I will get a friend without special character in his/her name to try the same and report back.
Comment 2•20 years ago
|
||
I can now confirm that the problem does not exist when certificate owner does not include special characters.
Comment 3•20 years ago
|
||
The error message I quoted in my previous post was outdated. Sorry. The current one (1.6) is: <quote> Sending of message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired. </quote>
Comment 4•20 years ago
|
||
Still present in Mozilla 1.7.
Updated•20 years ago
|
Flags: blocking1.8a2?
Comment 5•20 years ago
|
||
This could be related to: http://bugzilla.mozilla.org/show_bug.cgi?id=243795
Updated•20 years ago
|
Flags: blocking1.8a2? → blocking1.8a2-
Updated•20 years ago
|
Product: Browser → Seamonkey
Comment 6•20 years ago
|
||
*** This bug has been confirmed by popular vote. ***
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 7•19 years ago
|
||
To the reporters of this bug, Robert and Søren, Please read the questions in https://bugzilla.mozilla.org/show_bug.cgi?id=217305#c35 and answer them with follow-up comments in this bug report (243738). Also, if you will, please email me copies of your cert7.db and cert8.db files (not key3.db), using the instructions found in https://bugzilla.mozilla.org/show_bug.cgi?id=217305#c42 Once I have some sample files that show the problem, I may be able to devise a method to fix them.
Summary: Unable to use Certificate fpr Signing / Encryption when Certificate Owner's contains special characters such as ÄÖÜ → Unable to use Certificate for Signing / Encryption when it contains special characters ÄÖÜ
Comment 8•19 years ago
|
||
Hi Nelson, I no longer have that certificate stored in Mozilla so I can't send any files but IIRC I discovered it in Mozilla 1.6, imported PKCS12, cert expires june 2006 and was probably installed in june 2004. My certificates are now stored on a smart card device (etoken) but still I can't even select the appropriate certificate with ø in the account settings -> security. Please let me know if you need more information. Søren
Comment 9•19 years ago
|
||
Robert Kränzlein sent me the following additional details: > The certificate is installed by clicking on the website (Firefox 1.0.2) then > exported as .p12-file and reimported to Thunderbird version 1.0 (20041206) So, this is a Thunderbird bug, also, and not only a Seamonkey bug. So, I'm moving this to core, since TB doesn't seem to have a relevant component. And this tells me that there is no problem exporting and importing this cert. Also, I verified that the nickname in this cert8.db file is valid UTF8. So this is not the same problem as in bug 217305. > When trying to sign a message following error appears. > > Sending of message failed > Unable to sign message. Please check that the certificates > specified in Mail & Newsgroups Account > Settings for this mail account are valid and trusted That's a different error message than the one given in comment 1 above.
Component: MailNews: Account Manager → Security: PSM
No longer depends on: 217305
Product: Mozilla Application Suite → Core
Updated•19 years ago
|
Whiteboard: [kerh-coz]
Updated•17 years ago
|
Assignee: sspitzer → kengert
QA Contact: psm
Comment 10•17 years ago
|
||
I can not reproduce this bug. I produced a test CA cert and 2 personal certs. In the personal certs I played with German öäüÖÄÜß chars and the Danish ø. I used the chars in the CN and in the nickname. I was able to import this into Thunderbird 2.x, the mail security cert picker offered me both certs and allows me to select them. Well, at least this works on Linux. Anyone dares to try this on Windows? I propose we mark this as WORKSFORME unless you are able to reproduce a problem with the certs that I'll attach.
Comment 11•17 years ago
|
||
Comment 12•17 years ago
|
||
Comment 13•17 years ago
|
||
Comment 14•17 years ago
|
||
Looking at comment 0, we see that the bug reporter was using Mozilla Application Suite 1.6. That version, and all versions prior to 1.7 had a problem, where strings with ISO-Latin-1 characters were sometimes used as nicknames without translating them from Latin-1 to UTF-8. This caused the resultant nickname string to be ab invalid UTF-8 nickname. (Nicknames are always UTF-8.) That problem was fixed in Moz 1.7 by John Myers (IIRC). The code now translates Latin-1 to UTF-8 when making a nickname. So, people who have enrolled for certs with version 1.7 and newer have not seen the problem, AFAIK. However the fix in 1.7 did not fix existing flawed databases. Users of current mozilla browsers (FF or SM) who have databases originally generated by a pre-1.7 version of mozilla app suite still have these problems because their cert DB's still have invalid nicknames. That is the subject of Bug 237077 and is why Bug 217305 is still open. See those bugs for more details.
From comment 14, it seems that all currently-valid certificates won't have this problem. Please re-open if that's not the case.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•