Firefox continues to present a client certificate which has been deleted from its certificate store, until it is restarted

UNCONFIRMED
Unassigned

Status

()

Core
Security: PSM
P3
normal
UNCONFIRMED
5 months ago
5 months ago

People

(Reporter: William Gallafent, Unassigned)

Tracking

53 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [psm-backlog])

(Reporter)

Description

5 months ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:53.0) Gecko/20100101 Firefox/53.0
Build ID: 20170518000419

Steps to reproduce:

Connect to a server which requires a client certificate to be presented. Remove the certificate from the certificate store. Reload the tab.


Actual results:

The old (now deleted) certificate continues to be presented to the server.


Expected results:

The standard “choose a client certificate” dialog should be presented. The old cert should have been removed completely from the certificate store and from Firefox's cache.

Updated

5 months ago
Component: Untriaged → Security: PSM
Product: Firefox → Core
There's probably at least a few different things going on here:
* Deleting a certificate doesn't really delete it until you restart Firefox, in general
* Refreshing the page might reload it from the cache, in which case the user won't be prompted for a certificate
* Depending on the setup, if the server is using TLS session tickets, it might not ask again for a certificate (not actually sure about this one - probably pretty server-dependent)
Priority: -- → P3
Whiteboard: [psm-backlog]
You need to log in before you can comment on or make changes to this bug.