Importing a cert immediately after deleting it in the cert mgr does not work

RESOLVED DUPLICATE of bug 435159


People

(Reporter: Ikonta, Unassigned)

Tracking

38 Branch

Firefox Tracking Flags

(Not tracked)

Attachments

(4 attachments)

3.64 KB, application/pkix-cert
3.56 KB, application/x-pkcs12
3.56 KB, application/x-pkcs12
3.56 KB, application/x-pkcs12
(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
Build ID: 20150525110815

Steps to reproduce:

I use the amd64 Gentoo build of www-client/firefox-31.7.0.
To reproduce this issue you need a CA certificate and three client certificates, verified by this CA.

First time: start FF and import two of the client certificates.
After that, quit FF and start it again.
Go to the certificate manager, remove one of the previously imported certificates and import the remaining one.


Actual results:

After typing the passphrase, I saw that not only the imported certificate item appeared, but also the deleted one!


Expected results:

I expect only the just-imported certificate to appear in the list, without the deleted one returning.

P.S. Clearing the cache will probably be a workaround.

Updated

3 years ago
Component: Untriaged → Security: PSM
Product: Firefox → Core
(Reporter)

Comment 1

3 years ago
Issue was confirmed in recent ESR (38.2.1).
Version: 31 Branch → 38 Branch

Comment 2

3 years ago
Any public CA certificate and three client certificates to test that?
(Reporter)

Comment 3

3 years ago
AFAIK _restricted_ (!) client certs are incompatible with the public CA model. I don't work with Webmoney (and I don't know of any other widely known public service that uses client certificate authentication), but AFAIK even then the Certification Authority uses some kind of custom CA certificate.
Maybe by issuing an intermediate CA… But the question about the CRL remains.
I can attach example cert files or, better, because certs generated by different versions of OpenSSL differ (gnutls not tested at all yet), describe the procedure somewhere in the wiki or, better, in the forum (somebody who knows English better is welcome to merge it into the wiki).

But just now I've found another way to check this bug:
1. Import a CA certificate, or start FF with an example test CA certificate already imported. You can get one, for example, from bug #1202636.
2. Delete this CA certificate.
3. Try to import it again.
After step 3 you'll get the error message "certificate already imported", although it is not only imported, but already deleted.
(Reporter)

Comment 4

3 years ago
Created attachment 8660643 [details]
ca.crt

Attaching the chain's root (custom CA) to show the originally described issue.
(Reporter)

Comment 5

3 years ago
Created attachment 8660644 [details]
user1.pfx

First user's certificate.
PIN — 0000
(Reporter)

Comment 6

3 years ago
Created attachment 8660645 [details]
user2.pfx

Second user's certificate.
PIN — 0000
(Reporter)

Comment 7

3 years ago
Created attachment 8660646 [details]
user3.pfx

Third user's certificate.
PIN — 0000

Comment 8

3 years ago
Thanks for filing the report. This looks like the same basic issue described in Bug 435159.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → DUPLICATE
Summary: incomplete deletion of client certificate → Importing a cert immediately after deleting it in the cert mgr does not work
Duplicate of bug: 435159