consider allowing end-entities to be their own trust anchors (basically revert bug 1294580)

RESOLVED FIXED in Firefox 68

Status

()

defect
P1
normal
RESOLVED FIXED
6 months ago
3 months ago

People

(Reporter: 249.shashi, Assigned: keeler)

Tracking

(Blocks 2 bugs)

63 Branch
mozilla68
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox68 fixed)

Details

(Whiteboard: [psm-assigned])

Attachments

(1 attachment)

Reporter

Description

6 months ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

Steps to reproduce:

1. Installed localhost certificated and added to trusted list and availabled in Keychains.
2. Tested in Chrome and Safari browsers and these browsers accepting that localhost trusted certificate but it is failing with Mozilla.
3. For this followed about:config and enabled security.enterprise_roots.enabled boolean value to true but this is not working Mac mozilla browser, where as same process working in windows mozilla browser 

Tested this with Mozilla 63 and latest version 64 also.



Actual results:

Mozilla browser detecting them as untrusted site. Even though Safari and chrome browsers are accepting that as trusted.


Expected results:

Localhost trusted certificates available in Mac OS keychains should be accepted by Mozilla browser. And it should not show the site as untrusted.
Component: Untriaged → Security: PSM
Product: Firefox → Core
Blocks: 1513069
Priority: -- → P2
Summary: macOS (Mac OS X) platform support for trusting self signed certificate → consider allowing end-entities to be their own trust anchors (basically revert bug 1294580)
Whiteboard: [psm-backlog]
Duplicate of this bug: 1527100
Assignee: nobody → dkeeler
Priority: P2 → P1
Whiteboard: [psm-backlog] → [psm-assigned]
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

Comment 3

3 months ago
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/143fe24df3a9
allow end-entity certificates to be trust anchors for compatibility r=jcj

Comment 4

3 months ago
bugherder
Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68

Updated

3 months ago
Blocks: 1541012
You need to log in before you can comment on or make changes to this bug.