To Software Software - To Software-Assessment - Software/Assessment - To Current Test - Software/CurrentTest

Software Current Tests - Bug 1119 Testmatrix

Bug #1119 "Error importing CRL to Firefox/Thunderbird"

Analyze, Testmatrix

There are 4 test scenarios:
1. import public CAcert root key
2. import public CAcert subroot (class3) key
3. import root CRL
4. import subroot (class3) CRL

please mark your results with

success {g}
fail {r}
key present +
key not present -
longer remarks mark with x^#) and place remark below the table

OS and Browser combination	public CAcert root key	public CAcert subroot (class3) key	root CRL	subroot (class3) CRL	Client Cert	Remarks
Windows ?, Firefox ?			{r}			SK, Error Code: ffffe0b0
Windows ?, Thunderbird ?			{r}			SK, Error Code: ffffe0b0
Knoppix 6.7.0, Firefox ?			{g}			SK
Win7 64bit, Firefox 16			{r}			RL
Win7 64bit, Firefox 17			{r}			RL
Linux ?, Seamonkey ?			{g}			RL
Win7 ?, Seamonkey ?			{g}			RL
Linux, FF17	-	+	{g}	{r}		BJ, Error Code:ffffe0b0
Linux, FF17	+	+	{r}	{r}		BJ, Error Code:ffffe0b0, x⁴
Linux, FF17	+	-	{r}	{g}		BJ, Error Code:ffffe0b0
Linux, FF17	-	-	{g}	{g}		BJ
Win7, Eudora OSE	+				{r}	AL, x²
Win7 32bit,			{g}	{g}		MM, 2012-12-01 , 2012-12-04
Win7 64bit,			{r}	{r}		MM, Error Code:ffffe0b0
OpenSuse 12.1 32bit, FF17.0.1	+	+	{r}	{r}		BJ, Error Code:ffffe0b0
OpenSuse 12.1 64bit, FF17.0.1	+	+	{r}	{r}		BJ, Error Code:ffffe0b0, x⁴
OpenSuse 12.1 32bit, FF12	+	+	{g}	{g}		BJ x³
Win 6,7,8; FF17esr	{g}	{g}	{g}	{g}		JB
Linux Mint 32+64bit; FF17esr	{g}	{g}	{g}	{g}		JB
Linux Mandriva 32+64bit; FF17esr	{g}	{g}	{g}	{g}		JB
WinXP Pro, FF 17			{r}	{r}		JB
WinXP Pro, FF 17esr			{r}	{g}		JB
VBox: Win7 32bit, FF12	+	+	{g}	{g}		BJ x³
VBox: Win7 32bit, FF17.0.1	+	+	{r}	{r}		BJ, Error Code:ffffe0b0, x⁴
VBox: Win7 32bit, FF17.0.1	+	-	{r}			BJ, Error Code:ffffe0b0
VBox: Ubuntu 12.04 TLS 32bit, FF17	+	+	{r}	{r}		BJ, Error Code:ffffe0b0, x⁴
Lubuntu 12.10 x64 FF 17.0.1			{r}	{r}		BenBe SAP meeting

Remarks

x¹) https://lists.cacert.org/wws/arc/cacert-support/2012-11/msg00080.html
- Mozilla's Bugzilla was said, this issue is due to cutoff for Mozilla products' support of MD5 as a hash algorithm in digital signatures. (see Bug 650355 - since Firefox16 this is implemented)
x²) https://lists.cacert.org/wws/arc/cacert-support/2012-11/msg00084.html
- Digital Signature is Not Valid ... issued by a certificate authority that you do not trust
x³) https://lists.cacert.org/wws/arc/cacert-support/2012-12/msg00012.html
- In older Firefox version (<16) where MD5 hashes were still accepted, when viewing the CAcert class-1 root certificate, Firefox says: "This certificate has been verified for the following uses: SSL Server Certificate, SSL Client Certificate, Email Signer Certificate, Email Recipient Certificate, SSL Certificate Authority, Status Responder Certificate". In these versions also the CRL importing works fine.
- In the newer Firefox 17, when viewing the same (unchanged) CAcert class-1 root certificate, Firefox only verifies the certificate as "Status Responder Certificate", the rest of the entries has gone away. Nevertheless Firefox accepts this class-1 certificate for signing the CAcert server certificate (e.g. www.cacert.org) or for signing the class-3 root certificate. But CRL importing does not work then.
x⁴) These failures only occur when the Firefox config parameter security.enable_md5_signatures is set to false. If it is set to true (enabling MD5 signatures on the CRLs), everything works fine. I have tested this behaviour only for the marked cases, but I assume it is general. BJ

Happy testing

CategorySoftwareAssessment

Software/CurrentTest/bug1119 (last edited 2012-12-11 11:24:48 by UlrichSchroeter)