Closed Bug 360526 Opened 15 years ago Closed 15 years ago

Cert not imported - Feedback prompt sometimes does not work


(Core :: Security: PSM, defect, P1)

1.8 Branch





(Reporter: KaiE, Assigned: KaiE)



(Keywords: fixed1.8.1.2, Whiteboard: [need testcase])


(1 file)

We recently had introduced a prompt, which would give a user feedback, if an attempt to import a certificate is rejected, because it is in invalid certificate.

There are scenarios when that prompt does not show up, if there happens to be no window context available.

One example where this lack of prompt is seen: When we fetch an invalid cert from a LDAP directory.
Attached patch Patch v1Splinter Review
This patch will provide a backup context, if none has been passed in by the caller.
Attachment #245429 - Flags: review?(rrelyea)
Priority: -- → P1
Blocks: 354525
Comment on attachment 245429 [details] [diff] [review]
Patch v1

r+ = relyea.
May want one of the Imbedded guys (particular Camino) look at the use of PipUIContext().
Attachment #245429 - Flags: review?(rrelyea) → review+
(In reply to comment #2)
> May want one of the Imbedded guys (particular Camino) look at the use of
> PipUIContext().

Not sure why you propose that, we use PipUIContext all over PSM already?
fixed on trunk
Closed: 15 years ago
Resolution: --- → FIXED
Comment on attachment 245429 [details] [diff] [review]
Patch v1

We should get this correctness fix into Thunderbird 2, in order to assist people who fail trying to fetch certificates over LDAP.

Not sure whether to ask for approval or
Attachment #245429 - Flags: approval1.8.1.2?
Attachment #245429 - Flags: approval1.8.1.1?
Kai:  We are done with, so nominating for  Also cc'ing mscott
so this bug doesn't get lost for Thunderbird 2 (since there is no flag for it
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.2?
This seems like a good candidate for Thunderbird 2 beta 2 which will be based on the security train, so jay's nomination looks good to me.
Attachment #245429 - Flags: approval1.8.1.1?
Flags: blocking1.8.1.2? → blocking1.8.1.2+
Comment on attachment 245429 [details] [diff] [review]
Patch v1

Approved for 1.8 branch, a=jay for drivers.
Attachment #245429 - Flags: approval1.8.1.2? → approval1.8.1.2+
Checked in to 1.8 branch:

Checking in nsNSSCertificateDB.cpp;
/cvsroot/mozilla/security/manager/ssl/src/nsNSSCertificateDB.cpp,v  <--  nsNSSCertificateDB.cpp
new revision:; previous revision:
Keywords: fixed1.8.1.2
Whiteboard: [need testcase]
Kai:  If there is a testcase QA can use to verify this bug, please let us know.  Otherwise we appreciate any help in testing the latest builds to verify this is fixed.  Thanks!
In order to verify, you'll have to use a special setup, that involves an LDAP server, one that provides S/Mime encryption certificates.

Configure such a LDAP directory for use in Thunderbird.

Make sure the certificates are not trusted by the Thunderbird.

You'll also need a personal certificate for S/Mime signing and encryption.

Once you have the above setup, compose a message, enable encryption for this message, add a recipient whose cert can be found in the LDAP directory, and try to send. This will trigger a "obtain cert" from the directory, and an attempt to import the cert.

I don't have the setup right now, but I had verified it when I checked it in.
You need to log in before you can comment on or make changes to this bug.