User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.73.11 (KHTML, like Gecko) Version/7.0.1 Safari/537.73.11

Steps to reproduce:

Send signed email with Thunderbird. Alternatively:
cmsutil -S -d certdir -N "mycert" -v >signed.out

Actual results:

signer cert + intermediate certs are added, but not the root cert. Verified with
openssl pkcs7 -in signed.out -inform der -print_certs

Expected results:

Include root cert in the chain. The S/MIME spec allows this and some MUAs seem to expect it (MS Outlook for example).

This can be obtained by the following change in mozilla/security/nss/cmd/smimetools/cmsutil.c

- if (NSS_CMSSignerInfo_IncludeCerts(signerinfo, NSSCMSCM_CertChain, + if (NSS_CMSSignerInfo_IncludeCerts(signerinfo, NSSCMSCM_CertChainWithRoot,

See also https://bugzilla.mozilla.org/show_bug.cgi?id=540498
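
Review bot: the switch to NSSCMSCM_CertChainWithRoot on the "+" line is unconditional, so every message signed through this cmsutil.c call would carry the root cert, including for recipients that do not need it; consider making it selectable with a command-line option and keeping NSSCMSCM_CertChain as the default. The change also only touches cmsutil.c, so the Thunderbird case listed under the steps to reproduce would still omit the root. Both lines are shown only up to the trailing comma, so the remaining arguments of the call cannot be checked from this excerpt.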
Can you attach that as a patch?
Status: UNCONFIRMED → NEW
Ever confirmed: true
(In reply to Magnus Melin from comment #1)
> Can you attach that as a patch?

The proposed patch was attached to bug 540498 and can be found at https://bug540498.bugzilla.mozilla.org/attachment.cgi?id=813716