Closed Bug 299217 Opened 20 years ago Closed 19 years ago

smime signer cert not validated when in chain hierarchy even with correct root installed

Categories

(MailNews Core :: Security: S/MIME, defect)

1.7 Branch
x86
Linux
defect
Not set
major

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: bugzilla, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 SUSE/1.0.4-1.1
Build Identifier: Thunderbird version 1.0.2 (20050317) / Suse 9.3

We drive a multilevel-certification authority
root
+main-ca
++mail-ca
+++users certificate

The root certificate is imported and trusted, the signed mail contains all
certificates up to the root-ca but TB says the certificate is not trusted.
From a PKI point of view it is OK to trust a sub-CA if I trust the main CA for
the same purpose, so the philosophical question if auto-importing the chain like
started in 274616 should be obsolete.

I think the problem is related to Bug #286234 as it shows up the same problem.



Reproducible: Always

Steps to Reproduce:
1. Create a UserCert with a chained Certification Authority
Root->IntermediateCA->EndUserCert
2. Import the Root Certificate and trust it for eMail Signing
3. Send a signed Mail to the client
4. Try to verify the signature

Actual Results:  
The signature is not valid, even if the chain is there (intermediate cert is
sent within the mail)

Expected Results:  
Show the signature as valid silently (preferred) or give a note to the user that
there is a new chain that can be successfully validated and prompt him to import
the chain.

Assignee: dveditz → kaie
Component: Security → Security: S/MIME
Product: Thunderbird → Core
QA Contact: thunderbird
Version: unspecified → 1.7 Branch

Please make a testcase available.
Provide the root certificate installable over the internet.
Send me such a signed email message quoting the bug number in the subject.
Thanks.

Hi Oliver, thanks for sending me the requested email message.

I installed the root certificate (only) and trusted it as an email CA.
Then I opened your message again, and I see a valid signature!

I'm using Mozilla 1.7.8 on Fedora Core Linux.
I thereby can not confirm it is a problem in the core.

Please do some more tests.
Maybe you want to test yourself with the Mozilla application suite.

Maybe you'll find out this problem is specific to Thunderbird or to the SuSE build?

It seems that this bug is dependent on a corrupted profile. I switched from
Mozilla (1.7) to FF/TB and imported the old Mozilla profiles - with this profile
I can reproduce the problem with the SuSE and the Mozilla binaries.
With a fresh profile there is no such problem - I don't really have an idea what's
going on....

Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME
Assignee: kaie → nobody
Product: Core → MailNews Core
QA Contact: s.mime
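
Added example (not part of the bug report and not Mozilla code): a way to check such a message independently of the mail client's profile, using the OpenSSL command line. It builds a constructed root -> main-ca -> mail-ca -> user hierarchy, passes only the root as trusted, and verifies one signed message that carries the intermediates and one that omits them; all names, subjects and file names are placeholders.

```shell
#!/bin/sh
# Added example: every name, subject and file below is a constructed placeholder.

# issue NAME ISSUER EXTFILE: new EC key and certificate for NAME, signed by ISSUER.
# When ISSUER equals NAME the certificate is self-signed (the root).
issue() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1.key" &&
  openssl req -new -key "$1.key" -subj "/CN=test-$1" -out "$1.csr" &&
  if [ "$1" = "$2" ]; then
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 2 \
      -extfile "$3" -out "$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
      -CAcreateserial -days 2 -extfile "$3" -out "$1.pem" 2>/dev/null
  fi
}

# make_test_pki DIR: build root -> main-ca -> mail-ca -> user in DIR, then sign
# one message that carries the intermediates and one that omits them.
make_test_pki() (
  cd "$1" || exit 1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=keyCertSign,cRLSign\n' > ca.ext
  printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\nextendedKeyUsage=emailProtection\n' > ee.ext
  printf 'constructed test message\n' > msg.txt
  issue root root ca.ext && issue main-ca root ca.ext &&
  issue mail-ca main-ca ca.ext && issue user mail-ca ee.ext &&
  cat main-ca.pem mail-ca.pem > chain.pem &&
  openssl smime -sign -in msg.txt -signer user.pem -inkey user.key \
    -certfile chain.pem -out with-chain.eml &&
  openssl smime -sign -in msg.txt -signer user.pem -inkey user.key \
    -out no-chain.eml
)

# verify_mail MESSAGE ROOT: status 0 only if the signature is valid and a path
# to ROOT (the only certificate passed as trusted) validates for S/MIME signing.
verify_mail() {
  openssl smime -verify -in "$1" -CAfile "$2" -purpose smimesign \
    -out /dev/null 2>/dev/null
}

work=$(mktemp -d)
make_test_pki "$work"
verify_mail "$work/with-chain.eml" "$work/root.pem" && echo "intermediates in message: valid"
verify_mail "$work/no-chain.eml" "$work/root.pem" || echo "intermediates omitted: not valid"
```

If a real message verifies this way against the exported root but the client still reports it as untrusted, the client's certificate store or profile is the next thing to examine, which matches how this bug was resolved.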