Open Bug 373032 Opened 18 years ago Updated 9 years ago

Message signed by trusted but expired cert incorrectly says I don't trust the CA

Categories

(SeaMonkey :: MailNews: Message Display, defect)

SeaMonkey 1.1 Branch
x86
Windows XP
defect
Not set
minor

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: gbailey, Unassigned, NeedInfo)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070222 SeaMonkey/1.1.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070222 SeaMonkey/1.1.1

I have a CA set up and have imported the Root CA certificate into my browser as a trusted authority.  That CA has issued PKCS12 certs to 2 users for sending test e-mails that are signed and/or encrypted.  One of the PKCS12 keys was generated with a short (5 day) validity period, and has since expired.  When viewing an old message signed with that certificate, I see the broken pen icon indicating a problem with the signature.

While I would expect some sort of notification that the message was signed with a certificate that has since expired, if I click on the broken pen icon, I see the following text in the dialog box:

Digital Signature Is Not Valid
This message includes a digital signature, but the signature is invalid.
The certificate used to sign the message was issued by a certificate authority that you do not trust for issuing this kind of certificate.

When viewing this message within the validity period of the certificate, I received no warnings and the pen icon indicating that the message was signed was unbroken.

Reproducible: Always

Steps to Reproduce:
1. Create CA and import it into trusted authorities
2. Create PKCS12 user certificate with short validity and use it to sign an e-mail
3. After cert expiration, read the e-mail on a browser that has the CA as a trusted authority.

Actual Results:
Dialog box indicates that the certificate used to sign the message was issued by a certificate authority that I do not trust for issuing this kind of certificate.

Expected Results:  
I would expect either no warnings; or, to notify me that the user's certificate had expired, a dialog box indicating that the signature is valid, but that the certificate used has expired.
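
The three reproduction steps above can be replayed outside SeaMonkey with the OpenSSL command line, which reports an expired signer certificate and an untrusted issuer as different verification errors. This is an added example, not part of the bug report; the use of OpenSSL, the subject names and the file names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: names, subjects and file names are constructed.
# Prints "<case>: <reason>" for three verifications of one signed message.
smime_expiry_demo() {
  local d rc
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    reason() {  # $1 = trust anchor file, $2 = verification time (epoch seconds)
      local out
      if out=$(openssl smime -verify -in signed.eml -CAfile "$1" \
                 -attime "$2" -out /dev/null 2>&1); then
        echo "signature valid"
      else
        # OpenSSL appends the chain-validation reason after "Verify error:".
        echo "$out" | grep -o 'Verify error:.*' | head -n 1
      fi
    }
    # Step 1: the CA that will be trusted, plus an unrelated CA as a control.
    for ca in trusted other; do
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$ca test CA" \
        -keyout "$ca.key" -out "$ca.pem" 2>/dev/null || exit 1
    done
    # Step 2: user certificate with a 5-day validity, used to sign a message.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Example User" \
      -keyout user.key -out user.csr 2>/dev/null || exit 1
    openssl x509 -req -in user.csr -CA trusted.pem -CAkey trusted.key \
      -CAcreateserial -days 5 -out user.pem 2>/dev/null || exit 1
    printf 'constructed test message\n' > msg.txt
    openssl smime -sign -in msg.txt -signer user.pem -inkey user.key \
      -out signed.eml 2>/dev/null || exit 1
    # Step 3: verify inside the validity window, 10 days later, and against
    # a trust store that does not contain the issuing CA.
    now=$(date +%s)
    echo "in window, CA trusted: $(reason trusted.pem "$now")"
    echo "expired, CA trusted: $(reason trusted.pem "$((now + 10 * 86400))")"
    echo "in window, CA not trusted: $(reason other.pem "$now")"
  )
  rc=$?
  rm -rf "$d"
  return "$rc"
}
smime_expiry_demo
```

The second and third lines of output carry different reasons, which is the distinction the dialog text quoted in the report does not make.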

Can you reproduce with SeaMonkey v1.1.9?

Version: unspecified → SeaMonkey 1.1 Branch

I'm now currently running SeaMonkey 1.1.9.  I went back to re-read the original e-mail message referred to by the bug report, and I'm still getting the same behavior; the error states that:

Digital Signature Is Not Valid
This message includes a digital signature, but the signature is invalid.
The certificate used to sign the message was issued by a certificate authority that you do not trust for issuing this kind of certificate.

Can you please confirm it?
Flags: needinfo?(gbailey)