desktop-packages team mailing list archive

Thread
Date

[Bug 911592] Re: [precise] Too few certificate authorities listed after upgrade to 12.04

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Wed, 04 Jan 2012 21:01:56 -0000
Reply-to: Bug 911592 <911592@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Thanks for the fix Mathieu. I can confirm the evolution is working
properly again.

Is the change something we need to fix in other places (or centrally in
nss) or was it just evolution getting it wrong?

** Changed in: nss (Ubuntu Precise)
       Status: Confirmed => Incomplete

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evolution in Ubuntu.
https://bugs.launchpad.net/bugs/911592

Title:
  [precise] Too few certificate authorities listed after upgrade to
  12.04

Status in “evolution” package in Ubuntu:
  Fix Released
Status in “nss” package in Ubuntu:
  Incomplete
Status in “evolution” source package in Precise:
  Fix Released
Status in “nss” source package in Precise:
  Incomplete

Bug description:
  After upgrading to precise, when I try to send an email with evolution, I am presented with:
  SSL Certificate check for smtp.canonical.com:

  Issuer:            CN=Thawte DV SSL CA,OU=Domain Validated SSL,O="Thawte, Inc.",C=US
  Subject:           CN=smtp.canonical.com,OU=Domain Validated,OU=Thawte SSL123 certificate,OU=Go to https://www.thawte.com/repository/index.html,O=smtp.canonical.com
  Fingerprint:       a2:ee:86:1c:94:4e:74:86:2c:24:2f:0e:6e:cc:cd:db
  Signature:         BAD

  Do you wish to accept? Yes|No

  I verified the certificate is valid using gnutls:
   * gnutls-cli -s --print-cert --x509cafile /etc/ssl/certs/ -p 587 smtp.canonical.com
   * > ehlo test
   * > starttls
   * in another terminal do 'kill -s SIGALRM <pid og gnutls-cli>'

  Remembering that evolution uses nss, I then went to
  Edit/Preferences/Certificates/Authorities and discovered that many
  certificate autorities are missing from the list, including Thawte's
  Root CAs. I verified that Oneiric had the certificate authority, and
  it did along with many more. I am not sure if the bug is with nss or
  with evolution, but evolution in 12.04 is not seeing all the
  certificates it used to see in 11.10.

  Marking this as High priority and checking the security box as this
  prevents proper certificate verification.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: libnss3 3.13.1.with.ckbi.1.88-1ubuntu2
  ProcVersionSignature: Ubuntu 3.2.0-7.13-generic 3.2.0-rc7
  Uname: Linux 3.2.0-7-generic x86_64
  ApportVersion: 1.90-0ubuntu1
  Architecture: amd64
  Date: Tue Jan  3 21:34:09 2012
  InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110425.2)
  SourcePackage: nss
  UpgradeStatus: Upgraded to precise on 2012-01-02 (1 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evolution/+bug/911592/+subscriptions