Last Comment Bug 360526 - Cert not imported - Feedback prompt sometimes does not work
: Cert not imported - Feedback prompt sometimes does not work
Status: RESOLVED FIXED
[need testcase]
: fixed1.8.1.2
Product: Core
Classification: Components
Component: Security: PSM (show other bugs)
: 1.8 Branch
: All All
: P1 normal (vote)
: ---
Assigned To: Kai Engert (:kaie)
:
Mentors:
Depends on:
Blocks: 354525
  Show dependency treegraph
 
Reported: 2006-11-12 20:17 PST by Kai Engert (:kaie)
Modified: 2007-03-07 18:09 PST (History)
5 users (show)
jaymoz: blocking1.8.1.2+
jaymoz: wanted1.8.1.x+
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
Patch v1 (1.31 KB, patch)
2006-11-12 20:18 PST, Kai Engert (:kaie)
rrelyea: review+
jaymoz: approval1.8.1.2+
Details | Diff | Review

Description Kai Engert (:kaie) 2006-11-12 20:17:24 PST
We recently had introduced a prompt, which would give a user feedback, if an attempt to import a certificate is rejected, because it is in invalid certificate.

There are scenarios when that prompt does not show up, if there happens to be no window context available.

One example where this lack of prompt is seen: When we fetch an invalid cert from a LDAP directory.
Comment 1 Kai Engert (:kaie) 2006-11-12 20:18:31 PST
Created attachment 245429 [details] [diff] [review]
Patch v1

This patch will provide a backup context, if none has been passed in by the caller.
Comment 2 Robert Relyea 2006-12-05 15:21:28 PST
Comment on attachment 245429 [details] [diff] [review]
Patch v1

r+ = relyea.
May want one of the Imbedded guys (particular Camino) look at the use of PipUIContext().
Comment 3 Kai Engert (:kaie) 2006-12-06 08:30:05 PST
(In reply to comment #2)
> May want one of the Imbedded guys (particular Camino) look at the use of
> PipUIContext().

Not sure why you propose that, we use PipUIContext all over PSM already?
Comment 4 Kai Engert (:kaie) 2006-12-06 08:31:55 PST
fixed on trunk
Comment 5 Kai Engert (:kaie) 2006-12-06 08:33:19 PST
Comment on attachment 245429 [details] [diff] [review]
Patch v1

We should get this correctness fix into Thunderbird 2, in order to assist people who fail trying to fetch certificates over LDAP.

Not sure whether to ask for approval 1.8.1.1 or 1.8.1.2
Comment 6 Jay Patel [:jay] 2006-12-11 14:51:11 PST
Kai:  We are done with 1.8.1.1, so nominating for 1.8.1.2.  Also cc'ing mscott
so this bug doesn't get lost for Thunderbird 2 (since there is no flag for it
here).
Comment 7 Scott MacGregor 2006-12-11 16:39:04 PST
This seems like a good candidate for Thunderbird 2 beta 2 which will be based on the 1.8.1.2 security train, so jay's nomination looks good to me.
Comment 8 Jay Patel [:jay] 2006-12-20 15:38:58 PST
Comment on attachment 245429 [details] [diff] [review]
Patch v1

Approved for 1.8 branch, a=jay for drivers.
Comment 9 Kai Engert (:kaie) 2007-01-02 10:38:52 PST
Checked in to 1.8 branch:

Checking in nsNSSCertificateDB.cpp;
/cvsroot/mozilla/security/manager/ssl/src/nsNSSCertificateDB.cpp,v  <--  nsNSSCertificateDB.cpp
new revision: 1.15.20.8; previous revision: 1.15.20.7
done
Comment 10 Jay Patel [:jay] 2007-02-08 15:35:34 PST
Kai:  If there is a testcase QA can use to verify this bug, please let us know.  Otherwise we appreciate any help in testing the latest builds to verify this is fixed.  Thanks!
Comment 11 Kai Engert (:kaie) 2007-03-07 18:09:32 PST
In order to verify, you'll have to use a special setup, that involves an LDAP server, one that provides S/Mime encryption certificates.

Configure such a LDAP directory for use in Thunderbird.

Make sure the certificates are not trusted by the Thunderbird.

You'll also need a personal certificate for S/Mime signing and encryption.

Once you have the above setup, compose a message, enable encryption for this message, add a recipient whose cert can be found in the LDAP directory, and try to send. This will trigger a "obtain cert" from the directory, and an attempt to import the cert.


I don't have the setup right now, but I had verified it when I checked it in.

Note You need to log in before you can comment on or make changes to this bug.