Thunderbird crashes and creates an invalid email signature using a smart card
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
thunderbird (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: thunderbird
Hi,
I'm trying to make thunderbird sign emails using a smart card. I'm able to load the certificates into thunderbird, installed the corresponding root certificates and assigned them to an identity. Please note, that there are multiple certificates on the card, one for signing, one for encrypting and one for client authentication, as far as I understand. Please see pkcs15-tool and pcsc_scan output for more details on the reader and the certificates.
When I'm trying to sign an email, I have to enter both pins in the reader, afterwards two things happen. Sometimes thunderbird actually signs the email, but the signature is wrong, if I try it a second time thunderbird crashes.
I'll attach a wrongly signed email and a gdb session of thunderbird crashing, including some strangs opensc error messages.
openssl smime -verify -in Desktop/huhu.eml -CAfile 12R-CA1:PN
[...]
Verification failure
3117:error:
3117:error:
3117:error:
thunderbird
[...]
[opensc-pkcs11] card-cardos.
[opensc-pkcs11] card-cardos.
[opensc-pkcs11] sec.c:53:
[opensc-pkcs11] pkcs15-
terminate called after throwing an instance of 'std::bad_alloc'
what(): std::bad_alloc
I suspect that thunderbird mixes up the certificates and keys, because I have to enter both pins although it would only need one to sign an email.
ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: thunderbird 3.1.7+build3+
ProcVersionSign
Uname: Linux 2.6.35-25-generic x86_64
Architecture: amd64
Date: Thu Feb 3 18:06:42 2011
EcryptfsInUse: Yes
ProcEnviron:
LANGUAGE=en_GB:en
PATH=(custom, user)
LANG=de_DE.utf8
SHELL=/bin/bash
SourcePackage: thunderbird
I don't know what I changed, but now OpenSC keeps crashing all the time. I can't add opensc-pkcs11.so to thunderbird any more. pkcs15-tool crashes too, even using natty. Please see bug #712827