Last Comment Bug 360526 - Cert not imported - Feedback prompt sometimes does not work
: Cert not imported - Feedback prompt sometimes does not work
[need testcase]
: fixed1.8.1.2
Product: Core
Classification: Components
Component: Security: PSM (show other bugs)
: 1.8 Branch
: All All
P1 normal (vote)
: ---
Assigned To: Kai Engert (:kaie)
: David Keeler [:keeler] (use needinfo?)
Depends on:
Blocks: 354525
  Show dependency treegraph
Reported: 2006-11-12 20:17 PST by Kai Engert (:kaie)
Modified: 2007-03-07 18:09 PST (History)
5 users (show)
jaymoz: blocking1.8.1.2+
jaymoz: wanted1.8.1.x+
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

Patch v1 (1.31 KB, patch)
2006-11-12 20:18 PST, Kai Engert (:kaie)
rrelyea: review+
jaymoz: approval1.8.1.2+
Details | Diff | Splinter Review

Description User image Kai Engert (:kaie) 2006-11-12 20:17:24 PST
We recently had introduced a prompt, which would give a user feedback, if an attempt to import a certificate is rejected, because it is in invalid certificate.

There are scenarios when that prompt does not show up, if there happens to be no window context available.

One example where this lack of prompt is seen: When we fetch an invalid cert from a LDAP directory.
Comment 1 User image Kai Engert (:kaie) 2006-11-12 20:18:31 PST
Created attachment 245429 [details] [diff] [review]
Patch v1

This patch will provide a backup context, if none has been passed in by the caller.
Comment 2 User image Robert Relyea 2006-12-05 15:21:28 PST
Comment on attachment 245429 [details] [diff] [review]
Patch v1

r+ = relyea.
May want one of the Imbedded guys (particular Camino) look at the use of PipUIContext().
Comment 3 User image Kai Engert (:kaie) 2006-12-06 08:30:05 PST
(In reply to comment #2)
> May want one of the Imbedded guys (particular Camino) look at the use of
> PipUIContext().

Not sure why you propose that, we use PipUIContext all over PSM already?
Comment 4 User image Kai Engert (:kaie) 2006-12-06 08:31:55 PST
fixed on trunk
Comment 5 User image Kai Engert (:kaie) 2006-12-06 08:33:19 PST
Comment on attachment 245429 [details] [diff] [review]
Patch v1

We should get this correctness fix into Thunderbird 2, in order to assist people who fail trying to fetch certificates over LDAP.

Not sure whether to ask for approval or
Comment 6 User image Jay Patel [:jay] 2006-12-11 14:51:11 PST
Kai:  We are done with, so nominating for  Also cc'ing mscott
so this bug doesn't get lost for Thunderbird 2 (since there is no flag for it
Comment 7 User image Scott MacGregor 2006-12-11 16:39:04 PST
This seems like a good candidate for Thunderbird 2 beta 2 which will be based on the security train, so jay's nomination looks good to me.
Comment 8 User image Jay Patel [:jay] 2006-12-20 15:38:58 PST
Comment on attachment 245429 [details] [diff] [review]
Patch v1

Approved for 1.8 branch, a=jay for drivers.
Comment 9 User image Kai Engert (:kaie) 2007-01-02 10:38:52 PST
Checked in to 1.8 branch:

Checking in nsNSSCertificateDB.cpp;
/cvsroot/mozilla/security/manager/ssl/src/nsNSSCertificateDB.cpp,v  <--  nsNSSCertificateDB.cpp
new revision:; previous revision:
Comment 10 User image Jay Patel [:jay] 2007-02-08 15:35:34 PST
Kai:  If there is a testcase QA can use to verify this bug, please let us know.  Otherwise we appreciate any help in testing the latest builds to verify this is fixed.  Thanks!
Comment 11 User image Kai Engert (:kaie) 2007-03-07 18:09:32 PST
In order to verify, you'll have to use a special setup, that involves an LDAP server, one that provides S/Mime encryption certificates.

Configure such a LDAP directory for use in Thunderbird.

Make sure the certificates are not trusted by the Thunderbird.

You'll also need a personal certificate for S/Mime signing and encryption.

Once you have the above setup, compose a message, enable encryption for this message, add a recipient whose cert can be found in the LDAP directory, and try to send. This will trigger a "obtain cert" from the directory, and an attempt to import the cert.

I don't have the setup right now, but I had verified it when I checked it in.

Note You need to log in before you can comment on or make changes to this bug.