smime signer cert not validated when in chain hierarchy even with correct root installed

RESOLVED WORKSFORME

Status

--
major
RESOLVED WORKSFORME
13 years ago
9 years ago

People

(Reporter: bugzilla, Unassigned)

Tracking

1.7 Branch
x86
Linux

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

13 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 SUSE/1.0.4-1.1
Build Identifier: Thunderbird version 1.0.2 (20050317) / Suse 9.3

We drive a multilevel-certification authority
root
+main-ca
++mail-ca
+++users certificate

The root certificate is imported and trusted, the signed mail contains all
certificates up to the root-ca but TB says the certificate is not trusted.
From a PKI point of view it is ok to trust a sub-ca if I trust the main CA for
the same purpose, so the philosophical question if auto-importing the chain like
started in 274616 should be obsolete.

I think the problem is related to Bug #286234 as it shows up the same problem.



Reproducible: Always

Steps to Reproduce:
1. Create a UserCert with a chained Certification Authority
Root->IntermediateCA->EndUserCert
2. Import the Root Certificate and trust it for eMail Signing
3. Send a signed Mail to the client
4. Try to verify the signature

Actual Results:  
The signature is not valid, even if the chain is there (intermediate cert is
sent within the mail)

Expected Results:  
Show the signature as valid silently (preferred) or give a note to the user that
there is a new chain that can be successfully validated and prompt him to import
the chain.
Assignee: dveditz → kaie
Component: Security → Security: S/MIME
Product: Thunderbird → Core
QA Contact: thunderbird
Version: unspecified → 1.7 Branch
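
The hierarchy and steps from the report, reproduced with the OpenSSL command line as an added example (not part of the original bug report, and not Thunderbird or NSS code). File names, key sizes, lifetimes and certificate extensions are assumptions; only the root is given as a trust anchor, and a second case leaves the intermediates out of the message for contrast.

```sh
#!/bin/sh
# Constructed test PKI mirroring the report: root -> main-ca -> mail-ca -> user.
# Names, key sizes and lifetimes are assumptions made for this example.

issue() {  # issue NAME EXT_SECTION [ISSUER]; without ISSUER the cert is self-signed
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
    if [ -n "${3:-}" ]; then
        openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" -CAcreateserial \
            -days 30 -extfile ext.cnf -extensions "$2" -out "$1.pem" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -signkey "$1.key" \
            -days 30 -extfile ext.cnf -extensions "$2" -out "$1.pem" 2>/dev/null
    fi
}

make_pki() (  # make_pki DIR: build the hierarchy and a test message inside DIR
    cd "$1" || exit 1
    printf '%s\n' '[ca]' 'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' \
        '[user]' 'basicConstraints=CA:FALSE' \
        'keyUsage=critical,digitalSignature' \
        'extendedKeyUsage=emailProtection' > ext.cnf
    issue root ca && issue main-ca ca root &&
        issue mail-ca ca main-ca && issue user user mail-ca || exit 1
    cat mail-ca.pem main-ca.pem > chain.pem   # intermediates only, no root
    printf 'signed test message\n' > msg.txt
)

verify_case() {  # verify_case DIR with-chain|leaf-only; prints valid or invalid
    (
        cd "$1" || exit 1
        extra=""
        [ "$2" = with-chain ] && extra="-certfile chain.pem"
        openssl smime -sign -in msg.txt -signer user.pem -inkey user.key \
            $extra -out "$2.eml" 2>/dev/null || exit 1
        # Only the root is a trust anchor; intermediates must come from the message.
        openssl smime -verify -in "$2.eml" -CAfile root.pem \
            -out /dev/null 2>/dev/null
    ) && echo valid || echo invalid
}

pki=$(mktemp -d)
make_pki "$pki"
echo "intermediates in message: $(verify_case "$pki" with-chain)"
echo "signer certificate only:  $(verify_case "$pki" leaf-only)"
rm -rf "$pki"
```

A message produced this way can serve as an independent check of whether a failure lies in the certificates or in the mail client's profile.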

Comment 1

13 years ago
Please make a testcase available.
Provide the root certificate installable over the internet.
Send me such a signed email message quoting the bug number in the subject.
Thanks.

Comment 2

13 years ago
Hi Oliver, thanks for sending me the requested email message.

I installed the root certificate (only) and trusted it as an email CA.
Then I opened your message again, and I see a valid signature!

I'm using Mozilla 1.7.8 on Fedora Core Linux.
I thereby cannot confirm it is a problem in the core.

Please do some more tests.
Maybe you want to test yourself with the Mozilla application suite.

Maybe you'll find out this problem is specific to Thunderbird or to the SuSE build?
(Reporter)

Comment 3

13 years ago
It seems that this bug is dependent on a corrupted profile. I switched from
Mozilla (1.7) to FF/TB and imported the old Mozilla profiles - with this profile
I can reproduce the problem with the SuSE and the Mozilla binaries.
With a fresh profile there is no such problem - I don't really have an idea what's
going on...
Status: UNCONFIRMED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → WORKSFORME

Updated

9 years ago
Assignee: kaie → nobody
Component: Security: S/MIME → Security: S/MIME
Product: Core → MailNews Core
QA Contact: s.mime