Closed
Bug 512014
Opened 15 years ago
Closed 11 years ago
Firefox on Vista does not give the correct error message when a client certificate is expired
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: paulp346, Unassigned, NeedInfo)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.3a1pre) Gecko/20090821 Minefield/3.7a1pre Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.3a1pre) Gecko/20090821 Minefield/3.7a1pre If you connect to an SSL web server configured for mutual authentication, but your personal client certificate has expired, the error message thrown is wrong. On XP, the correct error is displayed (certificate expired). On Vista, the error name is "ssl_error_handshake_failure_alert", which doesn't tell the user what actually happened. Reproducible: Always Steps to Reproduce: 1. Have an expired personal certificate 2. Connect to an SSL mutual auth webserver, from a Vista client (not XP) 3. Wrong error message. Actual Results: Error code: ssl_error_handshake_failure_alert Expected Results: Error code: ssl_error_expired_cert_alert. The instructions at the bottom of the alert should also be more helpful, such as telling the user that their cert has expired and needs to be replaced, instead of the current message (contact the web site owners). I have screen shots of both systems, XP (correct message) and Vista (wrong message) if that would help.
Comment 1•15 years ago
|
||
There should not be a difference between vista and XP. Do you get the same wrong error message on vista if you try it with a new profile ? http://support.mozilla.com/en-US/kb/Managing+Profiles
Comment 2•11 years ago
|
||
Perhaps the server recongises that the installed cert is out of date and terminates the connection in an unusual way, or attempts to downgrade to HTTP, hence the ssl_error_handshake_failure_alert?
Comment 3•11 years ago
|
||
Is this still an issue on Latest Versions of Nightly, Aurora or Beta?
Flags: needinfo?(paulp346)
Comment 4•11 years ago
|
||
marking incomplete due to the lack of information from the reporter.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•