maemo.org Bugzilla – Bug 8276
Imported SSL Certificates not recognized after PR1.1
Last modified: 2010-03-15 20:51:50 UTC
You need to
before you can comment on or make changes to this bug.
STEPS TO REPRODUCE THE PROBLEM:
1. Start browser.
2. Get Rootcertifcate (Class 1 PKI/PEM) from
3. Import the certificate with Certificate manager (server purpose)
4. Visit a page hosted on an https server with a certificate signed by the
above root certificate, such as <https://www.cacert.org/>.
The installed certificate is available and used immediately to verify sites'
Secure Connection Failed
www.cacert.org uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)
Always - also after browser is closed and re-opened or a reboot of the whole
EXTRA SOFTWARE INSTALLED:
Fresh device with just updated to PR 1.1.
Maybe it sounds like Bug 6211 (https://bugs.maemo.org/show_bug.cgi?id=6211) -
this was before PR 1.1. Now even a reboot of the device doesn't help. There are
also other people reporting this bug:
This also happens with .p12 client certificates.
*** This bug has been confirmed by popular vote. ***
I can confirm this bug. I've tested with different CA and client certificates,
and all are getting ignored after the upgrade to PR1.1.
The certificates are still displayed correctly in the Certificate Manager, but
they are not used by the the browser or email application.
In addition to the browser this also affects E-Mail (modest)
re comment 1, no. please do *not* confuse client certificates with server
certificates. problems with one are *not* related to problems with the other.
they must be handled separately.
This has been fixed internally for the upcoming PR1.2 release.
A future public update will include the fix. (This is not always already the
next public update.)
To answer popular followup questions:
* Nokia does not announce release dates of public updates in advance.
* There is currently no access to these internal, non-public build versions.
A Brainstorm proposal to change this exists at
"There is currently no access to these internal, non-public build versions."
There have been suggestions in the past (on t.m.o) that fixes are committed to
the maemo.gitorious.org trees before they're released as binaries. Can you
confirm whether this fix is published there already or not, and if it is, give
us a pointer to it so that anyone interested in building from source can
identify the fix in the git tree?
No, browser components are not available on gitorious. (The relevant upstream
is hg anyhow.)
Setting explicit PR1.2 milestone (so it's clearer in which public release the
fix will be available to users).
Sorry for the bugmail noise (you can filter on this message).