Closed Bug 512014 Opened 15 years ago Closed 11 years ago

Firefox on Vista does not give the correct error message when a client certificate is expired

Categories

(Firefox :: Security, defect)

x86
Windows Vista
defect
Not set
normal

Tracking

()

RESOLVED INCOMPLETE

People

(Reporter: paulp346, Unassigned, NeedInfo)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.3a1pre) Gecko/20090821 Minefield/3.7a1pre
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.3a1pre) Gecko/20090821 Minefield/3.7a1pre

If you connect to an SSL web server configured for mutual authentication, but your personal client certificate has expired, the error message thrown is wrong.  On XP, the correct error is displayed (certificate expired).  On Vista, the error name is "ssl_error_handshake_failure_alert", which doesn't tell the user what actually happened.

Reproducible: Always

Steps to Reproduce:
1. Have an expired personal certificate
2. Connect to an SSL mutual auth webserver, from a Vista client (not XP)
3. Wrong error message.
Actual Results:  
Error code: ssl_error_handshake_failure_alert

Expected Results:  
Error code: ssl_error_expired_cert_alert. 
The instructions at the bottom of the alert should also be more helpful, such as telling the user that their cert has expired and needs to be replaced, instead of the current message (contact the web site owners).

I have screen shots of both systems, XP (correct message) and Vista (wrong message) if that would help.
There should not be a difference between vista and XP.
Do you get the same wrong error message on vista if you try it with a new profile ?
http://support.mozilla.com/en-US/kb/Managing+Profiles
Perhaps the server recongises that the installed cert is out of date and terminates the connection in an unusual way, or attempts to downgrade to HTTP, hence the ssl_error_handshake_failure_alert?
Is this still an issue on Latest Versions of Nightly, Aurora or Beta?
Flags: needinfo?(paulp346)
marking incomplete due to the lack of information from the reporter.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.