Open Bug 1443554 Opened 7 years ago Updated 2 years ago

show an error message when importing a certificate in the certificate manager fails

Categories

(Core :: Security: PSM, defect, P3)

Product:
Core
Component:
Security: PSM
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox58 --- affected
firefox59 --- affected
firefox60 --- affected

People

(Reporter: jeremy.vignelles, Unassigned)

Details

(Whiteboard: [psm-backlog])

Attachments

(1 file)

DEV3I-firefox-CA_87f875d93d084160abe19275e9131dc9.cer
1.14 KB, application/x-x509-ca-cert
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36 Steps to reproduce: In firefox dev edition 59.0b14 on windows, I tried to import a public certificate I received from microsoft Azure. I went to the "Authorities" tab in the "Certificate manager" dialog, clicked "Import", selected the attached certificate, clicked ok, and waited Actual results: Nothing Expected results: Either the dialog that allows me to select the usages I want for that certificate, or an error message explaining what's wrong with that certificate. I then tried to import the certificate in the windows certificate manager, exported it in .cer (DER encoded), and imported it successfully with firefox.
Hi, I tested this issue on Windows 10 x64 and Mac OS X 10.12 with FF 59.0b14, FF 58 release version and FF Nightly 60.0a1(2018-03-07) and I can reproduce the actual result. I'm not sure what is the expected result but maybe someone with more experience on this can clear this out.
Status: UNCONFIRMED → NEW
status-firefox58: --- → affected
status-firefox59: --- → affected
status-firefox60: --- → affected
Component: Untriaged → Security: PSM
Ever confirmed: true
OS: Unspecified → All
Product: Firefox → Core
Hardware: Unspecified → All
Version: 59 Branch → Trunk
For the record, I compared the working base64 certificate/not working certificates. The difference I see is that the "working" certificate has --- BEGIN CERTIFICATE --- headers and footers, and the lines are wrapped, whereas the Azure certificate has the base64 inline. I then suppose that the format is not what is expected by firefox, and there should be one of those two things happening: - Reject the certificate with a message - Assume that the base64 represents a valid certificate, even without headers, and try to parse it.
Ah, I see what you're saying now. Yes - if Firefox doesn't understand the format of the certificate it silently does nothing, which isn't very helpful.
Priority: -- → P3
Summary: .cer certificate import failure without any error message → show an error message when importing a certificate in the certificate manager fails
Whiteboard: [psm-backlog]
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: