Closed
Bug 465351
Opened 16 years ago
Closed 11 years ago
Wrong message and reason reported with untrusted CA roots when signing email
Categories
(MailNews Core :: Security, defect)
MailNews Core
Security
Tracking
(Not tracked)
RESOLVED
FIXED
Thunderbird 22.0
People
(Reporter: eddy_nigg, Assigned: sakshi.april5)
Details
(Keywords: regression, Whiteboard: [good first bug])
Attachments
(3 files, 2 obsolete files)
11.99 KB,
image/png
|
Details | |
3.58 KB,
patch
|
standard8
:
review-
|
Details | Diff | Splinter Review |
8.67 KB,
patch
|
standard8
:
review+
|
Details | Diff | Splinter Review |
Signing messages with digital certificate fails since today. This is build Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1b2pre) Gecko/20081113 Shredder/3.0b1pre . Same settings worked previously. No co clue how to debug.
Flags: blocking-thunderbird3.0b1?
Comment 1•16 years ago
|
||
Signing seems to work for me on Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1b2pre) Gecko/20081119 Lightning/1.0pre Shredder/3.0b1pre In what way does it "not work" for you?
Keywords: regression
Reporter | ||
Comment 2•16 years ago
|
||
That was a weird case...I had the CA certificates on the smart card I used and they had trust only enabled for web sites. Not sure what's the reason for this default trust setting, however once I changed the trust settings to include email (as in the builtin root), it obviously worked again.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
Updated•16 years ago
|
Flags: blocking-thunderbird3.0b1?
Reporter | ||
Comment 3•16 years ago
|
||
The error message is highly misleading and should be corrected.
Severity: major → normal
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Summary: Certificate signing fails → Wrong message and reason reported with untrusted CA roots when signing email
Reporter | ||
Comment 4•16 years ago
|
||
The message indicates that the settings of the certificate are incorrect, however the CA certificates have email trust bit set to off. The message should indicate that - it took me two days to figure what's going on.
Attachment #349157 -
Flags: approval1.9.1?
Comment 5•16 years ago
|
||
Comment on attachment 349157 [details]
Message received with untrusted root (email flag not set)
approval1.9.1 is for getting patches into the tree, not necessary here.
Attachment #349157 -
Flags: approval1.9.1?
Comment 6•16 years ago
|
||
I think I had this problem the other day. We're getting a generic error message (ErrorCanNotSign from am-smime.properties) for a bunch of failure cases. Could you set NSPR_LOG_MODULES to pipnss:5 (see https://wiki.mozilla.org/MailNews:Logging for how to do it), and post the relevant part of the log on the bug? I'm expecting it'll be somewhere in nsCMSMessage::CreateSigned that it is failing, getting the log will confirm this and help us work out what we need to change.
Flags: wanted-thunderbird3+
Assignee: nobody → timeless
Status: REOPENED → ASSIGNED
Attachment #354669 -
Flags: review?(bugzilla)
Comment 8•15 years ago
|
||
Comment on attachment 354669 [details] [diff] [review] fix text This should be caught by localizations, too, so it should get a change in the keys. I'd suggest to use ErrorCanNotSignMail (and EncryptMail), which is a proper change carrying over the semantics of the change in the text.
Comment 9•15 years ago
|
||
Comment on attachment 354669 [details] [diff] [review] fix text L10n request that because of the context change we also change the name of the string, this is so that we'll force localisations to reconsider the change to the string for their language.
Attachment #354669 -
Flags: review?(bugzilla) → review-
Updated•13 years ago
|
Assignee: timeless → nobody
Whiteboard: [good first bug]
Updated•12 years ago
|
Status: ASSIGNED → NEW
Assignee | ||
Comment 10•11 years ago
|
||
Hello, I would like to fix this bug.
Updated•11 years ago
|
Assignee: nobody → sakshi.april5
Assignee | ||
Comment 11•11 years ago
|
||
Who should I set for review?
Comment 12•11 years ago
|
||
You'll need a mailnews/ reviewer - https://wiki.mozilla.org/Modules/All#MailNews standard8, or IanN perhaps?
OS: Linux → All
Hardware: x86 → All
Comment 13•11 years ago
|
||
Comment on attachment 723883 [details] [diff] [review] New patch Review of attachment 723883 [details] [diff] [review]: ----------------------------------------------------------------- You'll need to update the "callers" too.
Attachment #723883 -
Flags: review-
Assignee | ||
Comment 14•11 years ago
|
||
I guess those are placed in mailnews/extensions/smime/src/nsMsgComposeSecure.cpp ?
Comment 15•11 years ago
|
||
Yep - http://mxr.mozilla.org/comm-central/search?string=ErrorCanNotEncrypt
Assignee | ||
Comment 16•11 years ago
|
||
Attachment #723883 -
Attachment is obsolete: true
Attachment #723898 -
Flags: review?(mbanner)
Assignee | ||
Comment 17•11 years ago
|
||
Any updates on the patch?
Comment 18•11 years ago
|
||
Comment on attachment 723898 [details] [diff] [review] patch with caller Sorry for the delay. I'd really like to give this r+, but the new labels seem to be the wrong way around: +ErrorCanNotSignMail=Unable to encrypt message. Please check that you have a valid email certificate for each recipient. Please check that the certificates specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail. +ErrorEncryptMail=Unable to sign message. Please check that the certificates specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail. ErrorEncryptMail should be for "Unable to encrypt message..."
Attachment #723898 -
Flags: review?(mbanner) → review-
Assignee | ||
Comment 19•11 years ago
|
||
Attachment #723898 -
Attachment is obsolete: true
Attachment #728755 -
Flags: review?(mbanner)
Comment 20•11 years ago
|
||
Comment on attachment 728755 [details] [diff] [review] Patch2 That's better, thanks, r=Standard8.
Attachment #728755 -
Flags: review?(mbanner) → review+
Updated•11 years ago
|
Keywords: checkin-needed
Updated•11 years ago
|
Product: Thunderbird → MailNews Core
Comment 21•11 years ago
|
||
https://hg.mozilla.org/comm-central/rev/fd78e7d7cda7
Status: NEW → RESOLVED
Closed: 16 years ago → 11 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 22.0
You need to log in
before you can comment on or make changes to this bug.
Description
•