Closed
Bug 971271
Opened 11 years ago
Closed 1 year ago
Include signer cert chain root in SMIME signed emails
Categories
(NSS :: Tools, defect, P5)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: frederik.vermeulen, Unassigned)
References
(Blocks 1 open bug)
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.73.11 (KHTML, like Gecko) Version/7.0.1 Safari/537.73.11
Steps to reproduce:
Send signed email with Thunderbird.
Alternatively: cmsutil -S -d certdir -N "mycert" -v >signed.out
Actual results:
signer cert + intermediate certs are added, but not the root cert.
Verified with openssl pkcs7 -in signed.out -inform der -print_certs
Expected results:
Include root cert in the chain. The S/MIME spec allows this and some MUAs seem to expect it (MS Outlook for example).
This can be obtained by the following change in mozilla/security/nss/cmd/smimetools/cmsutil.c
- if (NSS_CMSSignerInfo_IncludeCerts(signerinfo, NSSCMSCM_CertChain,
+ if (NSS_CMSSignerInfo_IncludeCerts(signerinfo, NSSCMSCM_CertChainWithRoot,
See also https://bugzilla.mozilla.org/show_bug.cgi?id=540498
|
||
Comment 1•11 years ago
|
||
Can you attach that as a patch?
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
Reporter | |
Comment 2•11 years ago
|
||
(In reply to Magnus Melin from comment #1)
> Can you attach that as a patch?
The proposed patch was attached to bug 540498 and can be found at
https://bug540498.bugzilla.mozilla.org/attachment.cgi?id=813716
|
||
Updated•2 years ago
|
Severity: normal → S3
|
||
Updated•1 year ago
|
Severity: S3 → N/A
Status: NEW → RESOLVED
Closed: 1 year ago
Priority: -- → P5
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•