Closed
Bug 1419718
Opened 7 years ago
Closed 3 years ago
SeaMonkey (partially) ignores "friendly name" from PKCS12 certificate packages
Categories
(SeaMonkey :: General, defect)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: lightning, Unassigned)
Details
site notes: tested on SeaMonkey 2.48 (original Mozilla distribution running on Slackware Linux) and 2.49 (from Fedora Linux 26 repository)
I have several PKCS12 packages containing key/user-cert/ca-certs to import. Packages are generated on the same machine using the same parameters/flags; just keys and user-certs differ. All packages contain the 'friendlyName:' attribute, as added via openssl cli.
<code>
# openssl pkcs12 -in file.p12
Enter Import Password:
MAC verified OK
Bag Attributes
localKeyID: hex stuff here
friendlyName: something i wrote
subject=/CN=.../C=../...
issuer=/...
-----BEGIN CERTIFICATE-----
...
</code>
As far as I understand, this "friendly name" should be used by SeaMonkey in the selection dropdown, wherever I need to pick a certificate.
In some of my cases, this is true (dropdown selection as: friendly name [serial]) whereas in other cases it isn't (dropdown selection as: Imported Certificate [serial]), so I assume a bug here.
Additionally, when viewing certificate details, the root of the certificate layout tree is "friendly name" or 'Imported Certificate' respectively.
For comparison: Firefox uses the certificates' CN from subject here, which is IMHO suboptimal as well, but at least consistent for all my PKCS12 packs.
Assumptions I am still trying to verify but might be helpful:
Certificates with working "friendly name import" don't have a Subject Alternative Name (SAN) at all, whereas non-working ones do have SAN but without the CN attribute.
hmmm :(
Creating a CA for testing and creating a test-certificate with SAN and whithout CN, I built a PKCS12 package that seems to import properly. So my assumption seems to be wrong and I can't really tell, why some of my packs import properly and some don't.
Of course I can't just attach my production packs ;)
![]() |
||
Comment 2•3 years ago
|
||
SeaMonkey is now using a recnt NSS and the code should work the same as in Fx. Please reopen if it still fails any you can provide a sample full testcase including certs.
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•