Bug 8276 - (int-153869) Imported SSL Certificates not recognized after PR1.1
: Imported SSL Certificates not recognized after PR1.1
Product: Browser
MicroB engine
: 5.0/(2.2009.51-1)
: N900 Maemo
: Medium major with 7 votes (vote)
: 5.0/(10.2010.19-1)
Assigned To: unassigned
: microb-bugs
  Show dependency tree
Reported: 2010-01-19 17:32 UTC by maemo5
Modified: 2010-03-15 20:51 UTC (History)
7 users (show)

See Also:



You need to log in before you can comment on or make changes to this bug.

Description maemo5 (reporter) 2010-01-19 17:32:06 UTC

1. Start browser.
2. Get Rootcertifcate (Class 1 PKI/PEM) from 
3. Import the certificate with Certificate manager (server purpose)
4. Visit a page hosted on an https server with a certificate signed by the
above root certificate, such as <https://www.cacert.org/>.

The installed certificate is available and used immediately to verify sites'

Secure Connection Failed
www.cacert.org uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)

Always - also after browser is closed and re-opened or a reboot of the whole

Fresh device with just updated to PR 1.1.

Maybe it sounds like Bug 6211 (https://bugs.maemo.org/show_bug.cgi?id=6211) -
this was before PR 1.1. Now even a reboot of the device doesn't help. There are
also other people reporting this bug:
Comment 1 maemobugzilla 2010-01-19 21:08:21 UTC
This also happens with .p12 client certificates.
Comment 2 maemo.org 2010-01-20 04:40:52 UTC
*** This bug has been confirmed by popular vote. ***
Comment 3 maemo.org 2010-01-20 04:42:29 UTC
I can confirm this bug. I've tested with different CA and client certificates,
and all are getting ignored after the upgrade to PR1.1.

The certificates are still displayed correctly in the Certificate Manager, but
they are not used by the the browser or email application.
Comment 4 Guido G√ľnther 2010-01-21 19:22:31 UTC
In addition to the browser this also affects E-Mail (modest)
Comment 5 timeless 2010-01-28 18:16:15 UTC
re comment 1, no. please do *not* confuse client certificates with server
certificates. problems with one are *not* related to problems with the other.
they must be handled separately.
Comment 6 Andre Klapper maemo.org 2010-02-01 14:52:35 UTC
This has been fixed internally for the upcoming PR1.2 release.

A future public update will include the fix. (This is not always already the
next public update.)

To answer popular followup questions:
 * Nokia does not announce release dates of public updates in advance.
 * There is currently no access to these internal, non-public build versions.
   A Brainstorm proposal to change this exists at
Comment 7 ewan 2010-02-01 15:08:27 UTC
"There is currently no access to these internal, non-public build versions."

There have been suggestions in the past (on t.m.o) that fixes are committed to
the maemo.gitorious.org trees before they're released as binaries. Can you
confirm whether this fix is published there already or not, and if it is, give
us a pointer to it so that anyone interested in building from source can
identify the fix in the git tree?
Comment 8 tuukka.tolvanen nokia 2010-02-02 02:41:45 UTC
No, browser components are not available on gitorious. (The relevant upstream
is hg anyhow.)
Comment 9 Andre Klapper maemo.org 2010-03-15 20:51:50 UTC
Setting explicit PR1.2 milestone (so it's clearer in which public release the
fix will be available to users).

Sorry for the bugmail noise (you can filter on this message).