Many CA are missing from the display.
blizzard is going to hate me... this is due to a set of poorly named functions for checking cert trust. In the function getCertType(), at http://lxr.mozilla.org/mozilla/source/security/manager/ssl/src/nsNSSCertificate.cpp#2851 the functions HasUser() and HasPeer() are used to find out if a cert has either user or peer trust. However, due to the way I wrote the function signatures, calling them without any arguments means: "If the cert does not have this trust for any type (SSL, email, object signing), return FALSE." However, here I want to know if it *does* have that trust for any type. In ever other place I use the related trust functions, I meant the quoted definition, here I mean the latter definition. *sigh* I managed to confuse myself. I propose adding two functions, HasAnyUser() and HasAnyPeer(), which will do the second definition. I will attach a patch pronto. Thanks for finding this ssaux. I never noticed it because all of the certs I was using had the same trust across the board (that is the default for roots now). Your AOL CA cert is only CA-trusted for Email, which is why this happened.
sr=blizzard tee hee!
ksosez: this bug should be fixed as of 5/23 builds. if you are seeing a problem, can you describe?
Using linux moz BuildId 2001052310 I still can't see the Thawte America Online Inc CA cert.
My checkin was late that night... I created a cert very much like your cert, same trust, etc. It shows up in my linux 2001052321 build, which would have been later. It doesn't show up in my build from the previous day, so I really have my fingers crossed that the bug is fixed now. Can you try again with a build from today?
Using Build ID 2001052406 I see the Intranet Certificate Authority CA. However, the display for the Certificate Manager "Authorities" pane has changed significantly. All the authorities in my cert db show up under a unique little triangle widget, labelled "Unknown Issuer". Is this what's expected?
Actually, this was the behavior when mozilla was launched from the mozilla-installer. When it's launched normally it's ok. So I've verified that it's ok. I don't think I'm authorized to changed the status to VERIFIED.
Is there an updated list of CA's somewhere so that I can verify this bug?