Error for Expired CRLs

VERIFIED WORKSFORME

Status

P3
normal
VERIFIED WORKSFORME
18 years ago
9 years ago

People

(Reporter: lord, Assigned: ddrinan0264)

Tracking

1.0 Branch
Future
x86
Windows 2000

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

18 years ago
From a PSM user:
When a CRL has been loaded, but has expired, and I attempt to read a message,
the browser says the signature is invalid, but the reason given is "unknown".
(Reporter)

Comment 1

18 years ago
Target -> 2.0
Target Milestone: --- → 2.0
(Assignee)

Comment 2

18 years ago
-> p2
Priority: -- → P2

Comment 3

17 years ago
set version to 2.0
RTM must fix?
Version: 1.01 → 2.0
(Reporter)

Comment 4

17 years ago
This is sub-optimal, but OK to later.   Also, this seems to apply to C4.7 with
S/MIME.

Comment 5

17 years ago
Mass reassigning target to 2.1
Target Milestone: 2.0 → 2.1

Updated

17 years ago
Keywords: nsenterprise

Comment 6

17 years ago
P1
CRLs are important customer features.
Priority: P2 → P1

Comment 7

17 years ago
marked future. Not relevant to 2.1 as it concerns s/mime.
Target Milestone: 2.1 → Future
(Reporter)

Comment 8

17 years ago
Why would this not apply to SSL server-auth as well?

Updated

17 years ago
Keywords: nsenterprise
Priority: P1 → P3
Target Milestone: Future → 2.1

Comment 9

17 years ago
removing nsenterprise keyword from PSM bugs with target milestone of future.

Comment 10

17 years ago
Mass assigning QA to ckritzer.
QA Contact: junruh → ckritzer

Comment 11

17 years ago
Move to future. Won't have time to fix these for 2.1
Target Milestone: 2.1 → Future

Updated

17 years ago
QA Contact: ckritzer → junruh

Comment 12

16 years ago
From the initial comment in this bug, I assume this bug report is refering to
S/Mime behaviour.

However, the bug was filed at a time when Mozilla did not yet have S/Mime
support, so it most likely complained about Communicator behaviour.

Meanwhile Mozilla does support S/Mime.
However, I don't see this problem in Mozilla.

I happen to actually have an expired CRL installed in my profile, from a
corporate CA (manually trusted), and I have a signed e-mail signed by a cert
issued from that CA.

The signature is displayed correctly.

I believe this works because NSS has changed its behaviour. It no longer treats
an expired CRL as being fatal. Therefore, an expired CRL can no longer cause a
S/Mime signature to become invalid.

Marking as worksforme.

Status: NEW → RESOLVED
Last Resolved: 16 years ago
Component: Client Library → S/MIME
Resolution: --- → WORKSFORME

Comment 13

16 years ago
Verified.
Status: RESOLVED → VERIFIED

Updated

14 years ago
Component: Security: S/MIME → Security: S/MIME
Product: PSM → Core

Updated

10 years ago
Version: psm2.0 → 1.0 Branch

Updated

9 years ago
Component: Security: S/MIME → Security: S/MIME
Product: Core → MailNews Core
QA Contact: junruh → s.mime
You need to log in before you can comment on or make changes to this bug.