desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #62710
[Bug 911592] Re: [precise] Too few certificate authorities listed after upgrade to 12.04
Let's mark this as 'Invalid' in nss for now. If needed, we can reopen.
Thanks again Mathieu.
** Changed in: nss (Ubuntu Precise)
Status: Incomplete => Invalid
** Changed in: nss (Ubuntu Precise)
Milestone: precise-alpha-2 => None
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evolution in Ubuntu.
https://bugs.launchpad.net/bugs/911592
Title:
[precise] Too few certificate authorities listed after upgrade to
12.04
Status in “evolution” package in Ubuntu:
Fix Released
Status in “nss” package in Ubuntu:
Invalid
Status in “evolution” source package in Precise:
Fix Released
Status in “nss” source package in Precise:
Invalid
Bug description:
After upgrading to precise, when I try to send an email with evolution, I am presented with:
SSL Certificate check for smtp.canonical.com:
Issuer: CN=Thawte DV SSL CA,OU=Domain Validated SSL,O="Thawte, Inc.",C=US
Subject: CN=smtp.canonical.com,OU=Domain Validated,OU=Thawte SSL123 certificate,OU=Go to https://www.thawte.com/repository/index.html,O=smtp.canonical.com
Fingerprint: a2:ee:86:1c:94:4e:74:86:2c:24:2f:0e:6e:cc:cd:db
Signature: BAD
Do you wish to accept? Yes|No
I verified the certificate is valid using gnutls:
* gnutls-cli -s --print-cert --x509cafile /etc/ssl/certs/ -p 587 smtp.canonical.com
* > ehlo test
* > starttls
* in another terminal do 'kill -s SIGALRM <pid og gnutls-cli>'
Remembering that evolution uses nss, I then went to
Edit/Preferences/Certificates/Authorities and discovered that many
certificate autorities are missing from the list, including Thawte's
Root CAs. I verified that Oneiric had the certificate authority, and
it did along with many more. I am not sure if the bug is with nss or
with evolution, but evolution in 12.04 is not seeing all the
certificates it used to see in 11.10.
Marking this as High priority and checking the security box as this
prevents proper certificate verification.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libnss3 3.13.1.with.ckbi.1.88-1ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-7.13-generic 3.2.0-rc7
Uname: Linux 3.2.0-7-generic x86_64
ApportVersion: 1.90-0ubuntu1
Architecture: amd64
Date: Tue Jan 3 21:34:09 2012
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110425.2)
SourcePackage: nss
UpgradeStatus: Upgraded to precise on 2012-01-02 (1 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evolution/+bug/911592/+subscriptions