Closed Bug 122593 Opened 23 years ago Closed 23 years ago

Automatic choice of client certificates is invalid

Categories

(Core Graveyard :: Security: UI, defect, P3)

1.0 Branch
x86
Linux
defect

Tracking

(Not tracked)

VERIFIED DUPLICATE of bug 91495
psm2.2

People

(Reporter: mozilla-bugs, Assigned: ssaux)


Details

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6) Gecko/20011127
BuildID: 2001122108

When a server requires a client certificate for SSL, and Mozilla is set up to automatically choose a cert, it always seems to select the last cert added to the DB. This occurs even if the server doesn't recognize the issuer on the cert. Mozilla should be checking the server-provided issuer IDs, and selecting a cert issued by that issuer. Really, if there is any ambiguity as to which cert should be used, it should ask. Maybe the selection options should be:
1. Always present 1st cert for issuer,
2. User should choose if Mozilla is unsure,
3. Always choose the client cert.
In the case of 2 or 3, Mozilla should only present a choice of certs that match the valid issuers.

Reproducible: Always

Steps to Reproduce:
1. Set browser to choose client cert
2. Connect to server at URL
3. Look at choice of certs

Actual Results: Choice does not match valid certs for server.

Expected Results: Choice should choose the only cert that matches the certs the server will accept.

I will issue a test cert for testing purposes, if asked.
->PSM
Assignee: mstoltz → ssaux
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: bsharma → junruh
Version: other → 2.2
I have servers that list the accepted CAs and the client only selects certs from these CAs, and if the client is asked to select automatically, then the latest cert from the set of valid certs for that CA is selected. If the server doesn't provide a list, then yes, the last one is picked. Otherwise it's a dupe of RFE
*** This bug has been marked as a duplicate of 91495 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Priority: -- → P3
Resolution: --- → DUPLICATE
Target Milestone: --- → 2.2
Verified dupe.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.2 → 1.0 Branch
Product: Core → Core Graveyard
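
The selection behaviour discussed in this bug, sketched as an added example (not PSM/NSS code): candidates are filtered against the issuer names the server sends in its certificate request, and an empty list accepts any issuer. The `ClientCert` record, the mode names `auto`/`ask_if_unsure`/`ask`, and the sample store are assumptions constructed for illustration; real clients compare DER-encoded issuer names rather than strings.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class ClientCert:          # hypothetical record, not an NSS structure
    nickname: str
    issuer_dn: str         # issuer name in string form (simplification)
    not_before: datetime
    not_after: datetime

def candidates(store, acceptable_issuers, now):
    """Certs valid at `now` whose issuer the server named.
    An empty server list means any issuer is acceptable."""
    wanted = {dn.strip().lower() for dn in acceptable_issuers}
    return [c for c in store
            if c.not_before <= now <= c.not_after
            and (not wanted or c.issuer_dn.strip().lower() in wanted)]

def choose(store, acceptable_issuers, now, mode="auto"):
    """Return (action, certs): 'send' one cert, 'ask' the user, or 'none'."""
    matches = candidates(store, acceptable_issuers, now)
    if not matches:
        return ("none", [])    # never fall back to a cert the server did not ask for
    if mode == "ask" or (mode == "ask_if_unsure" and len(matches) > 1):
        return ("ask", matches)   # only matching certs are offered
    # automatic selection: the most recently issued matching cert
    return ("send", [max(matches, key=lambda c: c.not_before)])

def _d(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample store; "personal" plays the role of the last cert added.
CORP_CA = "CN=Example Corp CA,O=Example Corp"
NOW = _d(2002, 1, 30)
STORE = [
    ClientCert("work", CORP_CA, _d(2001, 6, 1), _d(2003, 6, 1)),
    ClientCert("work-renewed", CORP_CA, _d(2002, 1, 1), _d(2004, 1, 1)),
    ClientCert("expired", CORP_CA, _d(1999, 1, 1), _d(2000, 1, 1)),
    ClientCert("personal", "CN=Other CA,O=Other", _d(2002, 1, 15), _d(2003, 1, 15)),
]

if __name__ == "__main__":
    for issuers in ([CORP_CA], [], ["CN=Unknown CA"]):
        action, certs = choose(STORE, issuers, NOW)
        print(issuers, "->", action, [c.nickname for c in certs])
```
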