5.22 KB, image/png
https://sourceforge.net - unknown root CA dialog, then the dialog does not refresh when it is being resized, resulting in this visual garbage.
17.50 KB, image/png
13.26 KB, image/png
Both 0.9 and latest daily build on Linux/i386/RH7-RPMs appear to have lost all the root certificates. Loading any https site results in mozilla complaining that it doesn't recognize the root certificate authority, and psm's root ca dialog is completely blank. Additionally, the 'unknown root ca' dialog is too small, and about 60% of it is cut off. Resizing the dialog (Gnome/Gtk/Sawfish) fails to refresh the exposed portion of the dialog. Since the Ok/Cancel buttons are not being exposed, there's no way to close the dialog, and it must be cancelled. End result: effectively https is completely disabled. No root certificates, no way to get mozilla to accept an unvalidated certificate.
Created attachment 33488 [details] https://sourceforge.net - unknown root CA dialog, then the dialog does not refresh when it is being resized, resulting in this visual garbage.
I should also mention that mozilla here is configured to go through a proxy for both http and https.
See also bug 75615 and its dependecies
Assignee: mstoltz → ddrinan
Status: UNCONFIRMED → NEW
Component: Security: General → Client Library
Ever confirmed: true
Product: Browser → PSM
QA Contact: ckritzer → junruh
Version: other → 2.0
I don't see a lack of CA's in the list. Try setting up a new profile. type ./mozilla -ProfileManager or ./mozilla -help
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → WORKSFORME
Creating new profile makes no difference whatsoever. Still must use 041017 in order to use https. Tried both with/without proxy, no difference.
I am seing a very similar thing. I am using Mozilla 0.9 RH 6x RPMs on RedHat 6.2 + all updates. - For every new secure site I visit, I get the "Unknown CA" dialog. - After I accept the certificate, the "closed lock" icon would say "Signed by Verisign, Inc" or similar. - If I remove cert7.db, it is created empty - Clicking the "closed lock" icon or going to Tasks -> Privacy and Security -> PSM does not do anything - The "Security" tag of the "Page info" dialog is always blank.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Copying ~/.netscape/cert7.db created by N4 into the Mozilla profile directory hides the problem. IMHO, this means that Mozilla 0.9 does not have a problem with using the correct CA when they are present in cert7.db, but it is uncapable of adding proper CAs itself.
Severity: normal → major
Mozilla doesn't add the default root CA certs explicitly into cert7.db (unlike Netscape), it pulls them directly from PSM. Running 2001041017 build (last build I reliably used where SSL over a Socks5 proxy works): cert7.db is empty, mozilla validates root certs correctly, using the default root CA list compiled into PSM. Looks like .9/dailies are not reading the default cert list from psm. Copying the default root certs from NS4's cert7.db is a workaround.
Is this related to bug #59161 ?
Verified problem still exists as if 2001052819. Additionally, if the SSL certificate is manually accepted, "Certificate Details" lists "Unknown Issuer" for the certificate authority.
Created attachment 36412 [details] Security Details dialog in 2001052819 for https://sourceforge.net
BTW, if the "copy cert7.db from N4" workaround is used, the Security Details has all the information.
Priority: -- → P1
This is actually an RPM spec file bug. I fixed this just this morning. I'm re-spinning builds now.
Assignee: ddrinan → blizzard
Status: REOPENED → NEW
This is fixed starting with the 0.9.1-pre2 rpms and will be in the next daily rpm.
Status: NEW → RESOLVED
Last Resolved: 17 years ago → 17 years ago
Resolution: --- → FIXED
Verifying - with mozilla pre0.9.1-2_rh7 RPMs I now see "Builtin Roots Module" in Device Manager and I no longer have "unknown root CA" problem.
Status: RESOLVED → VERIFIED
*** Bug 81429 has been marked as a duplicate of this bug. ***
You need to log in before you can comment on or make changes to this bug.