Closed Bug 1250818 Opened 6 years ago Closed 6 years ago

View Certificate: Issued By 'Organization (O)' shown incorrect


(Core :: Security: PSM, defect)

44 Branch
Not set



Tracking Status
firefox47 --- fixed


(Reporter: kjawahark, Assigned: keeler)




(2 files)

Attached image Certificate Viewer
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:44.0) Gecko/20100101 Firefox/44.0
Build ID: 20160210153822

Steps to reproduce:

View a certificate from a web server configured using a self-signed certificate which has only CN value, other DNs are left blank.

Simple way to reproduce:
Create a Self-Singed certificate which has only CN, others left blank
Import the Certificate
 Preferences -> Advanced -> Certificates - View Certificates -> Authorities -> Import
Import the certificate
Then double click  on the imported cert to view
Check the 'Issued By' Common Name and Organization

Actual results:

The certificate has no value for 'Organization(O)' in Issuer, but it shows the 'Common Name' value in 'Organization'.

Expected results:

When the Self-Signed Certificate has no value on Issuer Organization, no value should be shown in the certificate view
Component: Untriaged → Security: UI
Product: Firefox → Core
Component: Security: UI → Security: PSM
Looks like this is a result of a change made in bug 316710 (see bug 316710 comment 5: "for display purposes, when a cert has no isser org, fall back to common name"). For what it's worth, this seems to be the wrong level at which to implement such a fallback (i.e. the front-end should do whatever processing is necessary - the interface level needs to provide an accurate answer when queried for various certificate properties).
Ever confirmed: true
Before this change, if a certificate's issuer DN did not have an organization
component, nsIX509Cert.issuerOrganization would fall back to using the issuer
common name. This was never a good idea, because this gave misleading
information to consumers of this interface. Furthermore, it appears that all
consumers of this interface already do such a fallback (for display purposes)
when they've determined that it's a reasonable thing to do.

Review commit:
See other reviews:
Attachment #8724223 - Flags: review?(cykesiopka.bmo)
Assignee: nobody → dkeeler
Comment on attachment 8724223 [details]
MozReview Request: bug 1250818 - remove certificate issuer organization to common name fallback r?Cykesiopka

Looks good.
Attachment #8724223 - Flags: review?(cykesiopka.bmo) → review+
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla47
You need to log in before you can comment on or make changes to this bug.