Closed Bug 1175124 Opened 9 years ago Closed 8 years ago

Importing a cert immediately after deleting it in the cert mgr does not work

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
38 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 435159

People

(Reporter: Ikonta, Unassigned)

Details

Attachments

(4 files)

ca.crt
3.64 KB, application/pkix-cert
Details
user1.pfx
3.56 KB, application/x-pkcs12
Details
user2.pfx
3.56 KB, application/x-pkcs12
Details
user3.pfx
3.56 KB, application/x-pkcs12
Details 
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
Build ID: 20150525110815

Steps to reproduce:

I use amd64 Gentoo build of www-client/firefox-31.7.0.
To reproduce this issue you need CA certificate and three client certificates, vrified by this CA.

First time: start FF and import two of client certificates.
After that quit FF and start it again.
Goto certificate manager, remove one of previously imported certificates and import the rest one.


Actual results:

After typing passphrase I've seen apeeared not only the imported certificate item, but also the deleted one!


Expected results:

I expect, just imported certificate appear into list, without returning deleted one.

P.S. Cache cleane probably will be a workaround.
Component: Untriaged → Security: PSM
Product: Firefox → Core
Issue was confirmed in recent ESR (38.2.1).
Version: 31 Branch → 38 Branch
Any public CA certificate and three client certificates to test that?
AFAIK _restricted_ (!) client certs are incompatibe with public CA model. I don't work with Webmoney (and I don't know other widely known public service, which uses client certificate authentication), but AFAIK even then Certification Authority uses some kind of custom CA certificate.
Maybe by issuing intermediate CA… But it stays question about CRL.
I can attach example certs files or, better, because generated by different versions of OpenSSL certs differ (gnutls not tested at all yet), to describe procedure somewhere in wiki or better in forum (somebody who knows English better is welcome to mergi it into wiki).

But just now I've find another way to check this bug:
1. Import CA or start FF with imported example test CA certificate. You can get any of such, for example from bug #1202636.
2. Delete this CA certificate.
3. Try to import it again.
After step 3 you'll get error message "certificate already imported", although it is not only imported, but already deleted.
Attached file ca.crt 
Attaching chain's root (custom CA) to show originally described issue.
Attached file user1.pfx 
First user's certificate.
PIN — 0000
Attached file user2.pfx 
Second user's certificate.
PIN — 0000
Attached file user3.pfx 
Third user's certificate.
PIN — 0000
Thanks for filing the report. This looks like the same basic issue described in Bug 435159.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Summary: incomplete deletion of client certificate → Importing a cert immediately after deleting it in the cert mgr does not work
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: