Closed Bug 1300289 Opened 4 years ago Closed 4 years ago

Firefox for Android seems to not remember allowing client certificates to be presented

Categories

(Firefox for Android :: General, defect)

48 Branch
defect
Not set
normal

Tracking

RESOLVED DUPLICATE of bug 634697
Tracking Status
firefox48 --- affected

People

(Reporter: rqou, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0
Build ID: 20160803004522
Firefox for Android

Steps to reproduce:

1. Figure out how to install (and actually install) a client certificate on Firefox for Android (I did this by installing the "AddCertificate" addon)
2. Visit a site that requests the client certificate you installed. On the "User Identification Request" dialog, verify the "Remember this decision" box is indeed checked.
3. (Possibly needed, uncertain) Visit this site enough times that Firefox thinks it should be a top site.
4. Do "something" that makes Firefox forget about the decision being remembered (closing Firefox from the Android app list is a reliable way to trigger this)


Actual results:

* Visiting the site again brings up the "User Identification Request" again despite being told to remember it.
* Doing "something" and typing in the address bar also brings up the "User Identification Request" dialog despite not explicitly visiting the site (the most reliable way to trigger this is to type enough in the address bar such that the website requesting the client cert is one of the suggestions (does not have to be the "autocomplete" suggestion) and then waiting ~10 seconds without typing anything)


Expected results:

* Visiting the site again shouldn't ask me about presenting client certs.
* Typing stuff in the address bar should never pop up dialogs asking me about presenting client certs, even if I didn't ask Firefox to remember the decision.

A more concrete set of repro steps in case the previous info wasn't clear:
1. Install the AddCertificate addon and import a client certificate for a site (I will be using clientcert.example.com as an example)
2. Visit clientcert.example.com. Agree to present the client certificate. Make sure the remember box is checked.
3. Visit clientcert.example.com a bunch of times
4. Close Firefox via the Android app list and then reopen it
5. Type "c" in the address bar. clientcert.example.com should be at least one of the sites that appear below the address bar.
6. Wait ~10 seconds.
7. A dialog box asking about the client certificate for clientcert.example.com will appear even if you don't intend to visit that site and haven't even pressed enter yet.

Hi Robert,

Thanks for the info, but I was not able to reproduce this using your steps. However, I found a different problem using these steps:

1. Clean profile
2. Open FF -> Go to https://adalet.gov.tr/ 
3. Tap 'I Understand the Risks' -> tap 'Add permanent exception'
4. Repeat step 3 -> you get redirected to the page

Actual result:
You are redirected to the page only after step 4

Expected result:
You should be redirected to the website the first time after you add it as a permanent exception (step 3)

Are you seeing the same issue?

Status: UNCONFIRMED → NEW
Component: Untriaged → General
Ever confirmed: true
Product: Firefox → Firefox for Android

Hi Alex,

I do see the issue you mention, but that seems to be related to a non-www-->www redirect. I'm not sure how it relates to my bug?

Anyways, it is unfortunately somewhat difficult to test my issue because client certificates are pretty much always used for sites meant to be private. Let me see if I can throw together a test site...

Unconfirmed. Comment 2 should be a different bug.
Status: NEW → UNCONFIRMED
Ever confirmed: false

Firefox for Android and Firefox for Desktop share the same code for actually remembering what client certs to use.

The code currently can only remember the certs to use at a session level, in memory. It can't persist this information across restarts etc.
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 634697