maemo.org Bugzilla – Bug 8276
Imported SSL Certificates not recognized after PR1.1
Last modified: 2010-03-15 20:51:50 UTC
You need to log in before you can comment on or make changes to this bug.
SOFTWARE VERSION: 1.2009.51-1 STEPS TO REPRODUCE THE PROBLEM: 1. Start browser. 2. Get Rootcertifcate (Class 1 PKI/PEM) from <http://www.cacert.org/index.php?id=3> 3. Import the certificate with Certificate manager (server purpose) 4. Visit a page hosted on an https server with a certificate signed by the above root certificate, such as <https://www.cacert.org/>. EXPECTED OUTCOME: The installed certificate is available and used immediately to verify sites' identities. ACTUAL OUTCOME: Secure Connection Failed www.cacert.org uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer) REPRODUCIBILITY: Always - also after browser is closed and re-opened or a reboot of the whole phone! EXTRA SOFTWARE INSTALLED: Fresh device with just updated to PR 1.1. OTHER COMMENTS: Maybe it sounds like Bug 6211 (https://bugs.maemo.org/show_bug.cgi?id=6211) - this was before PR 1.1. Now even a reboot of the device doesn't help. There are also other people reporting this bug: http://talk.maemo.org/showthread.php?t=40972
This also happens with .p12 client certificates.
*** This bug has been confirmed by popular vote. ***
I can confirm this bug. I've tested with different CA and client certificates, and all are getting ignored after the upgrade to PR1.1. The certificates are still displayed correctly in the Certificate Manager, but they are not used by the the browser or email application.
In addition to the browser this also affects E-Mail (modest)
re comment 1, no. please do *not* confuse client certificates with server certificates. problems with one are *not* related to problems with the other. they must be handled separately.
This has been fixed internally for the upcoming PR1.2 release. A future public update will include the fix. (This is not always already the next public update.) To answer popular followup questions: * Nokia does not announce release dates of public updates in advance. * There is currently no access to these internal, non-public build versions. A Brainstorm proposal to change this exists at http://maemo.org/community/brainstorm/view/undelayed_bugfix_releases_for_nokia_open_source_packages-002/
"There is currently no access to these internal, non-public build versions." There have been suggestions in the past (on t.m.o) that fixes are committed to the maemo.gitorious.org trees before they're released as binaries. Can you confirm whether this fix is published there already or not, and if it is, give us a pointer to it so that anyone interested in building from source can identify the fix in the git tree?
No, browser components are not available on gitorious. (The relevant upstream is hg anyhow.)
Setting explicit PR1.2 milestone (so it's clearer in which public release the fix will be available to users). Sorry for the bugmail noise (you can filter on this message).