The default bug view has changed. See this FAQ.

Cert not imported - Feedback prompt sometimes does not work

RESOLVED FIXED

Status

()

Core
Security: PSM
P1
normal
RESOLVED FIXED
11 years ago
10 years ago

People

(Reporter: kaie, Assigned: kaie)

Tracking

({fixed1.8.1.2})

1.8 Branch
fixed1.8.1.2
Points:
---
Bug Flags:
blocking1.8.1.2 +
wanted1.8.1.x +

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [need testcase])

Attachments

(1 attachment)

(Assignee)

Description

11 years ago
We recently had introduced a prompt, which would give a user feedback, if an attempt to import a certificate is rejected, because it is in invalid certificate.

There are scenarios when that prompt does not show up, if there happens to be no window context available.

One example where this lack of prompt is seen: When we fetch an invalid cert from a LDAP directory.
(Assignee)

Comment 1

11 years ago
Created attachment 245429 [details] [diff] [review]
Patch v1

This patch will provide a backup context, if none has been passed in by the caller.
Attachment #245429 - Flags: review?(rrelyea)
(Assignee)

Updated

11 years ago
Priority: -- → P1
(Assignee)

Updated

11 years ago
Blocks: 354525

Comment 2

10 years ago
Comment on attachment 245429 [details] [diff] [review]
Patch v1

r+ = relyea.
May want one of the Imbedded guys (particular Camino) look at the use of PipUIContext().
Attachment #245429 - Flags: review?(rrelyea) → review+
(Assignee)

Comment 3

10 years ago
(In reply to comment #2)
> May want one of the Imbedded guys (particular Camino) look at the use of
> PipUIContext().

Not sure why you propose that, we use PipUIContext all over PSM already?
(Assignee)

Comment 4

10 years ago
fixed on trunk
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
(Assignee)

Comment 5

10 years ago
Comment on attachment 245429 [details] [diff] [review]
Patch v1

We should get this correctness fix into Thunderbird 2, in order to assist people who fail trying to fetch certificates over LDAP.

Not sure whether to ask for approval 1.8.1.1 or 1.8.1.2
Attachment #245429 - Flags: approval1.8.1.2?
Attachment #245429 - Flags: approval1.8.1.1?

Comment 6

10 years ago
Kai:  We are done with 1.8.1.1, so nominating for 1.8.1.2.  Also cc'ing mscott
so this bug doesn't get lost for Thunderbird 2 (since there is no flag for it
here).
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.2?

Comment 7

10 years ago
This seems like a good candidate for Thunderbird 2 beta 2 which will be based on the 1.8.1.2 security train, so jay's nomination looks good to me.
(Assignee)

Updated

10 years ago
Attachment #245429 - Flags: approval1.8.1.1?

Updated

10 years ago
Flags: blocking1.8.1.2? → blocking1.8.1.2+

Comment 8

10 years ago
Comment on attachment 245429 [details] [diff] [review]
Patch v1

Approved for 1.8 branch, a=jay for drivers.
Attachment #245429 - Flags: approval1.8.1.2? → approval1.8.1.2+
(Assignee)

Comment 9

10 years ago
Checked in to 1.8 branch:

Checking in nsNSSCertificateDB.cpp;
/cvsroot/mozilla/security/manager/ssl/src/nsNSSCertificateDB.cpp,v  <--  nsNSSCertificateDB.cpp
new revision: 1.15.20.8; previous revision: 1.15.20.7
done
Keywords: fixed1.8.1.2

Updated

10 years ago
Whiteboard: [need testcase]

Comment 10

10 years ago
Kai:  If there is a testcase QA can use to verify this bug, please let us know.  Otherwise we appreciate any help in testing the latest builds to verify this is fixed.  Thanks!
(Assignee)

Comment 11

10 years ago
In order to verify, you'll have to use a special setup, that involves an LDAP server, one that provides S/Mime encryption certificates.

Configure such a LDAP directory for use in Thunderbird.

Make sure the certificates are not trusted by the Thunderbird.

You'll also need a personal certificate for S/Mime signing and encryption.

Once you have the above setup, compose a message, enable encryption for this message, add a recipient whose cert can be found in the LDAP directory, and try to send. This will trigger a "obtain cert" from the directory, and an attempt to import the cert.


I don't have the setup right now, but I had verified it when I checked it in.
You need to log in before you can comment on or make changes to this bug.