Closed
Bug 392016
Opened 17 years ago
Closed 16 years ago
User certificates are not retrieved if Address Autocompletion for LDAP is (globally) disabled
Categories
(Thunderbird :: Security, defect, P2)
Thunderbird
Security
Tracking
(Not tracked)
RESOLVED
FIXED
Thunderbird 3
People
(Reporter: jpstotz, Assigned: standard8)
References
Details
Attachments
(2 files, 2 obsolete files)
2.53 KB,
patch
|
standard8
:
review+
standard8
:
superreview+
|
Details | Diff | Splinter Review |
2.48 KB,
patch
|
Bienvenu
:
review+
|
Details | Diff | Splinter Review |
User-Agent: Opera/9.22 (Windows NT 5.1; U; de) Build Identifier: Version 2.0.0.6 (20070728) As Thunderbird allows to specify for each mail account a different LDAP server (Account Settings -> Composition and Addressing -> "Use a different LDAP server") there is no need to set a global Directory Server in the options dialog (Options -> Composition -> Addressing -> Address Autocompletion). The problem is , that if you do not set a "Directory Server" in the Options dialog, user certificate retrieval does not work. I sniffed the LDAP connection and Thunderbird did never tried to retrieve a user certificate if "Directory Server" is disabled/not LDAP server is specified. But if you enable it user certificate retrieval does work as expected. Reproducible: Always Steps to Reproduce: 1. Add a working LDAP server to the Adressbook of Thunderbird 2. Go to Options -> Composition -> Adressing -> Address Autocompletion 3. Make sure "Directory Server" is disabled 4. Open the "Account Settings" and select the "Composition and Addressing" tab for one mail account 5. Choose the in 1. entered LDAP server as "Use a different LDAP server" 6. Accept the settings and close the dialog 7. Compose a new S/MIME encrypted mail and add a email address to the "to field" which certificate is unknown to Thunderbird but is available if the LDAP server and try to save it Actual Results: An error dialog appears saying that the certificate could not be retrieved Expected Results: The correspondant certificate should be loaded from the LDAP server. If in step 3. the "Directory Server" is enabled the certificate is retrieved - independent of the selected LDAP server in this dialog (works even if "None" is selected)
Assignee | ||
Comment 2•16 years ago
|
||
There's an error in the javascript, it uses the global preference to see if autocomplete is enabled in both cases. This is definitely wrong and easy to fix. Putting on my TB 3 radar. http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/mail/extensions/smime/content/msgCompSMIMEOverlay.js&rev=1.4&mark=383-405#383
Assignee: nobody → bugzilla
Status: UNCONFIRMED → NEW
Component: Address Book → Security
Ever confirmed: true
Flags: wanted-thunderbird3?
OS: Windows XP → All
QA Contact: address-book → thunderbird
Hardware: PC → All
Summary: User certificates are not retrieved if Address Automcompletion for LDAP is disabled → User certificates are not retrieved if Address Autocompletion for LDAP is (globally) disabled
Assignee | ||
Updated•16 years ago
|
Priority: -- → P2
Assignee | ||
Comment 3•16 years ago
|
||
This should correctly get the right ldap server based on the identity - basically check the identity first, and then revert to the global preference if necessary. I've not tested this as I haven't got the required set-up, but I believe it should work fine.
Attachment #326866 -
Flags: review?(bienvenu)
Assignee | ||
Comment 4•16 years ago
|
||
Attachment #326867 -
Flags: superreview?(neil)
Attachment #326867 -
Flags: review?(neil)
Comment 5•16 years ago
|
||
Comment on attachment 326867 [details] [diff] [review] SeaMonkey fix >+ if (gCurrentIdentity.overrideGlobalPref) >+ autocompleteDirectory = gCurrentIdentity.directoryServer; >+ >+ // Don't use an else here, just in case autocompleteDirectory is "" >+ if (!autocompleteDirectory) Actually I think the else here is correct. r+sr=me with that fixed.
Attachment #326867 -
Flags: superreview?(neil)
Attachment #326867 -
Flags: superreview+
Attachment #326867 -
Flags: review?(neil)
Attachment #326867 -
Flags: review+
Assignee | ||
Comment 6•16 years ago
|
||
The SeaMonkey fix that I'm checking in.
Attachment #326867 -
Attachment is obsolete: true
Attachment #326872 -
Flags: superreview+
Attachment #326872 -
Flags: review+
Assignee | ||
Updated•16 years ago
|
Attachment #326872 -
Attachment description: SeaMonkey fix v2 → [checked in] SeaMonkey fix v2
Assignee | ||
Comment 7•16 years ago
|
||
Revised to include the else (so that we match the algorithm in MsgComposeCommands.js)
Attachment #326866 -
Attachment is obsolete: true
Attachment #326873 -
Flags: review?(bienvenu)
Attachment #326866 -
Flags: review?(bienvenu)
Updated•16 years ago
|
Version: unspecified → Trunk
Updated•16 years ago
|
Attachment #326873 -
Flags: review?(bienvenu) → review+
Assignee | ||
Updated•16 years ago
|
Attachment #326873 -
Attachment description: Thunderbird fix v2 → [checked in] Thunderbird fix v2
Assignee | ||
Updated•16 years ago
|
Status: NEW → RESOLVED
Closed: 16 years ago
Flags: wanted-thunderbird3?
Resolution: --- → FIXED
Updated•16 years ago
|
Target Milestone: --- → Thunderbird 3
You need to log in
before you can comment on or make changes to this bug.
Description
•