. '''To Software''' '''[[Software|Software]]''' - '''To Software-Assessment - ''' '''[[Software/Assessment|Software/Assessment]]''' - '''To Current Test - ''' '''[[Software/CurrentTest|Software/CurrentTest]]'''

----

= Software Current Tests - Bug 1119 Testmatrix =

 [[https://bugs.cacert.org/view.php?id=1119| Bug #1119]] "Error importing CRL to Firefox/Thunderbird"

== Analyze, Testmatrix ==

 * There are 4 test scenarios:
  1. import public CAcert root key
  1. import public CAcert subroot (class3) key
  1. import root CRL
  1. import subroot (class3) CRL

 * please mark your results with
  * success {g}
  * fail {r}
  * key present +
  * key not present -

  * longer remarks mark with x^#^) and place remark below the table

 || OS and Browser combination || public CAcert<<BR>>root key || public CAcert<<BR>>subroot<<BR>>(class3) key || root CRL || subroot<<BR>>(class3) CRL || Client<<BR>>Cert || Remarks ||
 || Windows ?, Firefox ?     ||     ||      ||  {r}   ||          || || SK, Error Code: ffffe0b0 ||
 || Windows ?, Thunderbird ? ||     ||      ||  {r}   ||          || || SK, Error Code: ffffe0b0 ||
 || Knoppix 6.7.0, Firefox ? ||     ||      ||  {g}   ||          || || SK                       ||
 || Win7 64bit, Firefox 16   ||     ||      ||  {r}   ||          || || RL                       ||
 || Win7 64bit, Firefox 17   ||     ||      ||  {r}   ||          || || RL                       ||
 || Linux ?, Seamonkey ?     ||     ||      ||  {g}   ||          || || RL                       ||
 || Win7 ?, Seamonkey ?      ||     ||      ||  {g}   ||          || || RL                       ||
 || Linux, FF17              || -   ||  +   ||  {g}   ||  {r}     || || BJ, Error Code:ffffe0b0  ||
 || Linux, FF17              || +   ||  +   ||  {r}   ||  {r}     || || BJ, Error Code:ffffe0b0, x^4^  ||
 || Linux, FF17              || +   ||  -   ||  {r}   ||  {g}     || || BJ, Error Code:ffffe0b0  ||
 || Linux, FF17              || -   ||  -   ||  {g}   ||  {g}     || || BJ                       ||
 || Win7, Eudora OSE         || +   ||      ||        ||          || {r} || AL, x^2^             ||
 || Win7 32bit,              ||     ||      ||  {g}   ||  {g}     ||     || MM, 2012-12-01 , 2012-12-04  ||
 || Win7 64bit,              ||     ||      ||  {r}   ||  {r}     ||     || MM, Error Code:ffffe0b0 ||
 || !OpenSuse 12.1 32bit, FF17.0.1 || + || + ||  {r}   ||  {r}    ||     || BJ, Error Code:ffffe0b0 ||
 || !OpenSuse 12.1 64bit, FF17.0.1 || + || + ||  {r}   ||  {r}    ||     || BJ, Error Code:ffffe0b0, x^4^ ||
 || !OpenSuse 12.1 32bit, FF12     || + || + ||  {g}   ||  {g}    ||     || BJ x^3^                 ||
 || Win 6,7,8; FF17esr       || {g} || {g}  || {g} || {g}     ||     || JB                   ||
 || Linux Mint 32+64bit; FF17esr || {g} || {g}  || {g} || {g}     ||     || JB                   ||
 || Linux Mandriva 32+64bit; FF17esr || {g} || {g}  || {g} || {g}    ||     || JB                   ||
 || WinXP Pro, FF 17           ||     ||      ||  {r}   ||  {r}   ||     || JB                   ||
 || WinXP Pro, FF 17esr        ||     ||      ||  {r}   ||  {g}   ||     || JB                   ||
 || VBox: Win7 32bit, FF12     ||  +  ||  +   ||  {g}   ||  {g}   ||     || BJ x^3^                 ||
 || VBox: Win7 32bit, FF17.0.1 ||  +  ||  +   ||  {r}   ||  {r}   ||     || BJ, Error Code:ffffe0b0, x^4^ ||
 || VBox: Win7 32bit, FF17.0.1 ||  +  ||   -  ||  {r}   ||        ||     || BJ, Error Code:ffffe0b0 ||
 || VBox: Ubuntu 12.04 TLS 32bit, FF17 ||  +  ||   +  || {r} || {r} ||     || BJ, Error Code:ffffe0b0, x^4^ ||
 || Lubuntu 12.10 x64 FF 17.0.1  ||      ||    || {r}    ||  {r}    ||      || !BenBe SAP meeting  ||


=== Remarks ===
 x^1^) [[https://lists.cacert.org/wws/arc/cacert-support/2012-11/msg00080.html]]
  . Mozilla's Bugzilla was said, this issue is due to cutoff for Mozilla products' support of MD5 as a hash algorithm in digital signatures. (see Bug 650355 - since Firefox16 this is implemented)

 x^2^) [[https://lists.cacert.org/wws/arc/cacert-support/2012-11/msg00084.html]]
  . Digital Signature is Not Valid ... issued by a certificate authority that you do not trust

 x^3^) [[https://lists.cacert.org/wws/arc/cacert-support/2012-12/msg00012.html]]
  . In older Firefox version (<16) where MD5 hashes were still accepted, when viewing the CAcert class-1 root certificate, Firefox says: "This certificate has been verified for the following uses: SSL Server Certificate, SSL Client Certificate, Email Signer Certificate, Email Recipient Certificate, SSL Certificate Authority, Status Responder Certificate". In these versions also the CRL importing works fine.
  . In the newer Firefox 17, when viewing the same (unchanged) CAcert class-1 root certificate, Firefox only verifies the certificate as "Status Responder Certificate", the rest of the entries has gone away. Nevertheless Firefox accepts this class-1 certificate for signing the CAcert server certificate (e.g. www.cacert.org) or for signing the class-3 root certificate. But CRL importing does not work then.

 x^4^) These failures only occur when the Firefox config parameter security.enable_md5_signatures is set to false. If it is set to true (enabling MD5 signatures on the CRLs), everything works fine. I have tested this behaviour only for the marked cases, but I assume it is general. BJ


'''''Happy testing'''''

----
 . CategorySoftwareAssessment