Closed Bug 1419718 Opened 7 years ago Closed 3 years ago

SeaMonkey (partially) ignores "friendly name" from PKCS12 certificate packages

Categories

(SeaMonkey :: General, defect)

SeaMonkey 2.48 Branch
x86_64
Linux
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: lightning, Unassigned)

Details

site notes: tested on SeaMonkey 2.48 (original Mozilla distribution running on Slackware Linux) and 2.49 (from Fedora Linux 26 repository) I have several PKCS12 packages containing key/user-cert/ca-certs to import. Packages are generated on the same machine using the same parameters/flags; just keys and user-certs differ. All packages contain the 'friendlyName:' attribute, as added via openssl cli. <code> # openssl pkcs12 -in file.p12 Enter Import Password: MAC verified OK Bag Attributes localKeyID: hex stuff here friendlyName: something i wrote subject=/CN=.../C=../... issuer=/... -----BEGIN CERTIFICATE----- ... </code> As far as I understand, this "friendly name" should be used by SeaMonkey in the selection dropdown, wherever I need to pick a certificate. In some of my cases, this is true (dropdown selection as: friendly name [serial]) whereas in other cases it isn't (dropdown selection as: Imported Certificate [serial]), so I assume a bug here. Additionally, when viewing certificate details, the root of the certificate layout tree is "friendly name" or 'Imported Certificate' respectively. For comparison: Firefox uses the certificates' CN from subject here, which is IMHO suboptimal as well, but at least consistent for all my PKCS12 packs. Assumptions I am still trying to verify but might be helpful: Certificates with working "friendly name import" don't have a Subject Alternative Name (SAN) at all, whereas non-working ones do have SAN but without the CN attribute.
hmmm :( Creating a CA for testing and creating a test-certificate with SAN and whithout CN, I built a PKCS12 package that seems to import properly. So my assumption seems to be wrong and I can't really tell, why some of my packs import properly and some don't. Of course I can't just attach my production packs ;)

SeaMonkey is now using a recnt NSS and the code should work the same as in Fx. Please reopen if it still fails any you can provide a sample full testcase including certs.

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.