Closed
Bug 299217
Opened 19 years ago
Closed 19 years ago
smime signer cert not validated when in chain hierarchy even with correct root installed
Categories
(MailNews Core :: Security: S/MIME, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: bugzilla, Unassigned)
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 SUSE/1.0.4-1.1 Build Identifier: Thunderbird version 1.0.2 (20050317) / Suse 9.3 We drive a multilevel-certification authority root +main-ca ++mail-ca +++users certificate The root certificate is imported and trusted, the signed mail contains all certificates up to the root-ca but TB says the certificate is not trusted. From a PKI Point of View it is ok to trust a sub-ca if I trust the main CA for the same purpose, so the philosopic question if auto-importing the chain like started in 274616 should be obsolete. I think the problem is related with Bug #286234 as it shows up the same problem. Reproducible: Always Steps to Reproduce: 1. Create a UserCert with a chained Certification Authority Root->IntermediateCA->EndUserCert 2. Import the Root Certificate and trust it for eMail Signing 3. Send a signed Mail to the client 4. Try to verifiy the signarure Actual Results: The signature is not valid, even if the chain is there (intermediate cert is send within the mail) Expected Results: Show the Signature as valid silently (prefered) or give a note to the user that there is a new chain that can successfully validated and prompt him to import the chain.
Updated•19 years ago
|
Assignee: dveditz → kaie
Component: Security → Security: S/MIME
Product: Thunderbird → Core
QA Contact: thunderbird
Version: unspecified → 1.7 Branch
Comment 1•19 years ago
|
||
Please make a testcase available. Provide the root certificate installable over the internet. Send me such a signed email message quoting the bug number in the subject. Thanks.
Comment 2•19 years ago
|
||
Hi Oliver, thanks for sending me the requested email message. I installed the root certificate (only) and trusted it as an email CA. Then I opened your message again, and I see a valid signature! I'm using Mozilla 1.7.8 on Fedora Core Linux. I thereby can not confirm it is a problem in the core. Please do some more tests. Maybe you want to test yourself with the Mozilla application suite. Maybe you'll find out this problem is specific to Thunderbird or to the SuSE build?
Reporter | ||
Comment 3•19 years ago
|
||
It seems that this bug is dependant on a corrupted profile. I switch from Mozilla (1.7) to FF/TB and imported the old mozilla profiles - with this profile I can reproduce the problem with the suse and the mozilla binarys. With a fresh profile there is no such problem - I dont realy have an idea whats going on....
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME
Assignee: kaie → nobody
Product: Core → MailNews Core
QA Contact: s.mime
You need to log in
before you can comment on or make changes to this bug.
Description
•