. '''To Software''' '''[[Software|Software]]''' - '''To Software-Assessment - ''' '''[[Software/Assessment|Software/Assessment]]''' - '''To Current Test - ''' '''[[Software/CurrentTest|Software/CurrentTest]]'''
----
= Software Current Tests - Bug 1119 Testmatrix =
[[https://bugs.cacert.org/view.php?id=1119| Bug #1119]] "Error importing CRL to Firefox/Thunderbird"
== Analyze, Testmatrix ==
* There are 4 test scenarios:
1. import public CAcert root key
1. import public CAcert subroot (class3) key
1. import root CRL
1. import subroot (class3) CRL
* please mark your results with
* success {g}
* fail {r}
* key present +
* key not present -
* longer remarks mark with x^#^) and place remark below the table
|| OS and Browser combination || public CAcert<<BR>>root key || public CAcert<<BR>>subroot<<BR>>(class3) key || root CRL || subroot<<BR>>(class3) CRL || Client<<BR>>Cert || Remarks ||
|| Windows ?, Firefox ? || || || {r} || || || SK, Error Code: ffffe0b0 ||
|| Windows ?, Thunderbird ? || || || {r} || || || SK, Error Code: ffffe0b0 ||
|| Knoppix 6.7.0, Firefox ? || || || {g} || || || SK ||
|| Win7 64bit, Firefox 16 || || || {r} || || || RL ||
|| Win7 64bit, Firefox 17 || || || {r} || || || RL ||
|| Linux ?, Seamonkey ? || || || {g} || || || RL ||
|| Win7 ?, Seamonkey ? || || || {g} || || || RL ||
|| Linux, FF17 || - || + || {g} || {r} || || BJ, Error Code:ffffe0b0 ||
|| Linux, FF17 || + || + || {r} || {r} || || BJ, Error Code:ffffe0b0, x^4^ ||
|| Linux, FF17 || + || - || {r} || {g} || || BJ, Error Code:ffffe0b0 ||
|| Linux, FF17 || - || - || {g} || {g} || || BJ ||
|| Win7, Eudora OSE || + || || || || {r} || AL, x^2^ ||
|| Win7 32bit, || || || {g} || {g} || || MM, 2012-12-01 , 2012-12-04 ||
|| Win7 64bit, || || || {r} || {r} || || MM, Error Code:ffffe0b0 ||
|| !OpenSuse 12.1 32bit, FF17.0.1 || + || + || {r} || {r} || || BJ, Error Code:ffffe0b0 ||
|| !OpenSuse 12.1 64bit, FF17.0.1 || + || + || {r} || {r} || || BJ, Error Code:ffffe0b0, x^4^ ||
|| !OpenSuse 12.1 32bit, FF12 || + || + || {g} || {g} || || BJ x^3^ ||
|| Win 6,7,8; FF17esr || {g} || {g} || {g} || {g} || || JB ||
|| Linux Mint 32+64bit; FF17esr || {g} || {g} || {g} || {g} || || JB ||
|| Linux Mandriva 32+64bit; FF17esr || {g} || {g} || {g} || {g} || || JB ||
|| WinXP Pro, FF 17 || || || {r} || {r} || || JB ||
|| WinXP Pro, FF 17esr || || || {r} || {g} || || JB ||
|| VBox: Win7 32bit, FF12 || + || + || {g} || {g} || || BJ x^3^ ||
|| VBox: Win7 32bit, FF17.0.1 || + || + || {r} || {r} || || BJ, Error Code:ffffe0b0, x^4^ ||
|| VBox: Win7 32bit, FF17.0.1 || + || - || {r} || || || BJ, Error Code:ffffe0b0 ||
|| VBox: Ubuntu 12.04 TLS 32bit, FF17 || + || + || {r} || {r} || || BJ, Error Code:ffffe0b0, x^4^ ||
|| Lubuntu 12.10 x64 FF 17.0.1 || || || {r} || {r} || || !BenBe SAP meeting ||
=== Remarks ===
x^1^) [[https://lists.cacert.org/wws/arc/cacert-support/2012-11/msg00080.html]]
. Mozilla's Bugzilla was said, this issue is due to cutoff for Mozilla products' support of MD5 as a hash algorithm in digital signatures. (see Bug 650355 - since Firefox16 this is implemented)
x^2^) [[https://lists.cacert.org/wws/arc/cacert-support/2012-11/msg00084.html]]
. Digital Signature is Not Valid ... issued by a certificate authority that you do not trust
x^3^) [[https://lists.cacert.org/wws/arc/cacert-support/2012-12/msg00012.html]]
. In older Firefox version (<16) where MD5 hashes were still accepted, when viewing the CAcert class-1 root certificate, Firefox says: "This certificate has been verified for the following uses: SSL Server Certificate, SSL Client Certificate, Email Signer Certificate, Email Recipient Certificate, SSL Certificate Authority, Status Responder Certificate". In these versions also the CRL importing works fine.
. In the newer Firefox 17, when viewing the same (unchanged) CAcert class-1 root certificate, Firefox only verifies the certificate as "Status Responder Certificate", the rest of the entries has gone away. Nevertheless Firefox accepts this class-1 certificate for signing the CAcert server certificate (e.g. www.cacert.org) or for signing the class-3 root certificate. But CRL importing does not work then.
x^4^) These failures only occur when the Firefox config parameter security.enable_md5_signatures is set to false. If it is set to true (enabling MD5 signatures on the CRLs), everything works fine. I have tested this behaviour only for the marked cases, but I assume it is general. BJ
'''''Happy testing'''''
----
. CategorySoftwareAssessment