Open Bug 1229014 Opened 9 years ago Updated 2 years ago

PSM UI (certificate manager, etc.) does a poor job handling certificates with serial numbers over 20 bytes

Categories

(Core :: Security: PSM, defect, P3)

Product:
Core
Component:
Security: PSM
Type:
defect

Tracking

()

Status:
REOPENED

People

(Reporter: mozilla, Unassigned)

Details

(Whiteboard: [psm-backlog])

Attachments

(1 file)

cert.b64
1.81 KB, text/plain
Details
Attached file cert.b64 
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0
Build ID: 20151030083518

Steps to reproduce:

1. Export CA from Novell eDirectory (Novell Open Enterprise 2015)
2. Imported CA to Authorities (see cert.b64).
3. Called "Edit Trust".
4. Enabled "This certificate can identify websites.", "This certificate can identify mail users." and "This certificate can identify software makers".


Actual results:

After clicking the "OK"-Button nothing happen. The window still keeps open. The settings will not be saved.


Expected results:

Trust settings should be saved.
OS: Unspecified → Windows 10
Priority: -- → P3
Hardware: Unspecified → x86_64
20151029151421
Mozilla/5.0 (X11; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0
@Reporter: I did not experience any errors in Adding or Editing CAs. Are you still experiencing this issue?
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Flags: needinfo?(mozilla)
Resolution: --- → WORKSFORME
Did you try importing the ca I attached (cert.b64)? You will be ablte to import this cert, but you cannot set any trustees.
Flags: needinfo?(mozilla)
@Reporter, Confirmming: 
1) Linux: cert.b64 > Organizational CA/TREE_OESAPP does not import correctly "Import Failed: The password or PIN is incorrect. 
2) Windows 10:  this same cert appears to import but I cannot Edit Trust settings as stated.

Setting to Reopen and I will find appropriate Product/Component.
Status: RESOLVED → REOPENED
Ever confirmed: true
Flags: needinfo?(mozilla)
Resolution: WORKSFORME → ---
Component: Untriaged → Security: PSM
Product: Firefox → Core
What do you mean with "Linux"? Firefox under Linux or central Linux ca storage?

On Ubuntu 15.10 with Firefox 42 I cannot see any difference to the windows one.
Flags: needinfo?(mozilla)
I can successfully import the CA to global Windows and Linux System.
Attachment #8693572 - Attachment mime type: text/x-vhdl → text/plain
That certificate has a serial number that is 36 bytes. Parts of NSS deliberately don't handle certificates with serial numbers longer than 20 bytes because RFC 5280 doesn't require conforming implementations to do so. PSM does a very poor job informing the user that this is the underlying issue. See also bug 1139205.
OS: Windows 10 → Unspecified
Hardware: x86_64 → Unspecified
Summary: CA certificate settings not settable → PSM UI (certificate manager, etc.) does a poor job handling certificates with serial numbers over 20 bytes
Version: 42 Branch → unspecified
David, thanks a lot for the explanation.
I'll tell Novell this issue and hope they'll fix it.

Regards
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: