User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:44.0) Gecko/20100101 Firefox/44.0 Build ID: 20160210153822 Steps to reproduce: View a certificate from a web server configured using a self-signed certificate which has only CN value, other DNs are left blank. Simple way to reproduce: Create a Self-Singed certificate which has only CN, others left blank Import the Certificate Preferences -> Advanced -> Certificates - View Certificates -> Authorities -> Import Import the certificate Then double click on the imported cert to view Check the 'Issued By' Common Name and Organization Actual results: The certificate has no value for 'Organization(O)' in Issuer, but it shows the 'Common Name' value in 'Organization'. Expected results: When the Self-Signed Certificate has no value on Issuer Organization, no value should be shown in the certificate view
Looks like this is a result of a change made in bug 316710 (see bug 316710 comment 5: "for display purposes, when a cert has no isser org, fall back to common name"). For what it's worth, this seems to be the wrong level at which to implement such a fallback (i.e. the front-end should do whatever processing is necessary - the interface level needs to provide an accurate answer when queried for various certificate properties).
Status: UNCONFIRMED → NEW
Ever confirmed: true
3 years ago
Before this change, if a certificate's issuer DN did not have an organization component, nsIX509Cert.issuerOrganization would fall back to using the issuer common name. This was never a good idea, because this gave misleading information to consumers of this interface. Furthermore, it appears that all consumers of this interface already do such a fallback (for display purposes) when they've determined that it's a reasonable thing to do. Review commit: https://reviewboard.mozilla.org/r/36933/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/36933/
Attachment #8724223 - Flags: review?(cykesiopka.bmo)
3 years ago
Assignee: nobody → dkeeler
Comment on attachment 8724223 [details] MozReview Request: bug 1250818 - remove certificate issuer organization to common name fallback r?Cykesiopka https://reviewboard.mozilla.org/r/36933/#review33583 Looks good.
Attachment #8724223 - Flags: review?(cykesiopka.bmo) → review+
You need to log in before you can comment on or make changes to this bug.