If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Certificate Manager fails to show all CA's

VERIFIED FIXED

Status

Core Graveyard
Security: UI
VERIFIED FIXED
17 years ago
a year ago

People

(Reporter: Stephane Saux, Assigned: Ian McGreer)

Tracking

1.0 Branch
x86
Linux

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

17 years ago
Many CA are missing from the display.
(Assignee)

Comment 1

17 years ago
blizzard is going to hate me...

this is due to a set of poorly named functions for checking cert trust.  In the
function getCertType(), at

http://lxr.mozilla.org/mozilla/source/security/manager/ssl/src/nsNSSCertificate.cpp#2851

the functions HasUser() and HasPeer() are used to find out if a cert has either
user or peer trust.  However, due to the way I wrote the function signatures,
calling them without any arguments means: "If the cert does not have this trust
for any type (SSL, email, object signing), return FALSE."  However, here I want
to know if it *does* have that trust for any type.  In ever other place I use
the related trust functions, I meant the quoted definition, here I mean the
latter definition.  *sigh*  I managed to confuse myself.

I propose adding two functions, HasAnyUser() and HasAnyPeer(), which will do the
second definition.  I will attach a patch pronto.

Thanks for finding this ssaux.  I never noticed it because all of the certs I
was using had the same trust across the board (that is the default for roots
now).  Your AOL CA cert is only CA-trusted for Email, which is why this happened.
(Assignee)

Comment 2

17 years ago
Created attachment 35712 [details] [diff] [review]
patch to fix

Comment 3

17 years ago
r=javi
sr=blizzard

tee hee!

Comment 5

17 years ago
Marking NEW.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: patch, review
(Assignee)

Comment 6

17 years ago
ksosez: this bug should be fixed as of 5/23 builds.  if you are seeing a 
problem, can you describe?
(Reporter)

Comment 7

17 years ago
Using linux moz BuildId 2001052310 I still can't see
the Thawte America Online Inc CA cert.
(Assignee)

Comment 8

17 years ago
My checkin was late that night...

I created a cert very much like your cert, same trust, etc.  It shows up in my
linux 2001052321 build, which would have been later.  It doesn't show up in my
build from the previous day, so I really have my fingers crossed that the bug is
fixed now.  Can you try again with a build from today?
(Reporter)

Comment 9

17 years ago
Using Build ID 2001052406 I see the Intranet Certificate Authority CA.  However,
the display for the Certificate Manager "Authorities" pane has changed
significantly.  All the authorities in my cert db show up under a unique little
triangle widget, labelled "Unknown Issuer". Is this what's expected?
(Reporter)

Comment 10

17 years ago
Actually, this was the behavior when mozilla was launched from the
mozilla-installer. When it's launched normally it's ok. So I've verified that
it's ok.  I don't think I'm authorized to changed the status to VERIFIED.
(Assignee)

Comment 11

17 years ago
marking fixed
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED

Comment 12

17 years ago
Is there an updated list of CA's somewhere so that I can verify this bug?

Comment 13

17 years ago
Verified.
Status: RESOLVED → VERIFIED

Updated

13 years ago
Component: Security: UI → Security: UI
Product: PSM → Core

Updated

9 years ago
Version: psm2.0 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.