Open
Bug 373032
Opened 18 years ago
Updated 9 years ago
Message signed by trusted but expired cert incorrectly says I don't trust the CA
Categories
(SeaMonkey :: MailNews: Message Display, defect)
Tracking
(Not tracked)
UNCONFIRMED
People
(Reporter: gbailey, Unassigned, NeedInfo)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070222 SeaMonkey/1.1.1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070222 SeaMonkey/1.1.1 I have a CA setup and have imported the Root CA certificate into my browser as a trusted authority. That CA has issued PKCS12 certs to 2 users for sending test e-mails that are signed and/or encrypted. One of the PKCS12 keys was generated with a short (5 day) validity period, and has since expired. When viewing an old message signed with that certificate, I see the broken pen icon indicating a problem with the signature. While I would expect some sort of notification that the message was signed with a certificate that has since expired, if I click on the broken pen icon, I see the following test in the dialog box: Digital Signature Is Not Valid This message includes a digital signature, but the signature is invalid. The certificate used to sign the message was issued by a certificate authority that you do not trust for issuing this kind of certificate. When viewing this message within the validity period of the certificate, I received no warnings and the pen icon indicating that the message was signed was unbroken. Reproducible: Always Steps to Reproduce: 1. Create CA and import it into trusted authorities 2. Create PKCS12 user certificate with short validity and use it to sign an e-mail 3. After cert expiration, read the e-mail on a browser that has the CA as a trusted authority. Actual Results: Dialog box indicates that the certificate used to sign the message was issued by a certificate authority that I do not trust for issuing this kind of certificate. Expected Results: I would expect either no warnings; or, to notify me that the user's certificate had expired, a dialog box indicating that the signature is valid, but that the certificate used has expired.
Comment 1•16 years ago
|
||
Can you reproduce with SeaMonkey v1.1.9 ?
Version: unspecified → SeaMonkey 1.1 Branch
Reporter | ||
Comment 2•16 years ago
|
||
I'm now currently running seamonkey 1.1.9. I went back to re-read the original e-mail message referred to by the bug report, and I'm still getting the same behavior; the error states that: Digital Signature Is Not Valid This message includes a digital signature, but the signature is invalid. The certificate used to sign the message was issued by a certificate authority that you do not trust for issuing this kind of certificate.
You need to log in
before you can comment on or make changes to this bug.
Description
•