Cannot trust a new Certificate Authority



17 years ago
14 years ago


(Reporter: junruh, Assigned: sfraser_bugs)







(1 attachment)



17 years ago
1.) Visit the above site and click on "Get the CA cert"
What happens: Nothing
What is expected: That a window appears asking what parts of the CA to trust.

Comment 1

17 years ago
junruh, does it work in Mozilla?

Comment 2

17 years ago
Yes, it works in Mozilla.
Priority: -- → P3

Comment 3

17 years ago
Assignee: saari → bryner

Comment 4

17 years ago
*** Bug 154202 has been marked as a duplicate of this bug. ***
would this be a blocker?
Blocks: 147975

Comment 6

17 years ago
Since there is no signed email involved, and no way to acquire a personal cert
for client auth either, this is not a blocker. 

Comment 7

17 years ago
This URL above raises two issues: trusting a new, previously unknown Certificate
Authority, and client certificate authentication support.  This probably
requires an RFE to implement something like CDSA
( so that the browser is
compliant with X.509 certificate requests. I for one would really like to see
both of these abilities implemented. 

Probably not a huge deal for the average user, but important to those with
special security needs such as custom-built certificate authorities, self-signed
CAs, and strong public key authentication to secure sites. These capabilities
both exist in Mozilla and were present in Netscape browsers as far back as v3.x.
No longer blocks: 147975
Still true with build id 2003082402

Comment 9

15 years ago
This bug is related to #170355. The workaround described there seems to work. I
copied the cert8.db and key3.db from my Mozilla profile to my camino profile
folder and I was asked for my master password when accessing a site which needs
my personal certificate and it works!

Can someone enlighten me what files are needed for what?

I also copied the Security-Folder from my mozilla profile, it contains three
files. Also present in the mozilla profile:

My camino profile had a cert7.db which seems to be an old format.

The Security-Folder seems to be something Mac-specific (see bug #108204), I
guess it's not needed in Camino?

Comment 10

15 years ago
still not working in Camino 0.8b, nightly of 2004-06-02 ... :(
think this is an important issue, even if the mozilla-copy-workaround works.


15 years ago
Blocks: 272606

Comment 11

14 years ago
We need to implement nsICertificateDialogs, and have some UI for showing certs.
Assignee: bryner → sfraser_bugs


14 years ago
Target Milestone: --- → Camino1.1

Comment 12

14 years ago
This patch implements all the cert dialogs we need except one:
nsITokenDialogs::ChooseToken() because I have no idea how to get there.

It adds a "Show Certificates" button in the security prefs pane which brings up
a cert management window, and adds the ability to trust new CAs, generate
certs, view certs in various cases etc.

Comment 13

14 years ago
Glances at the patch would be welcome, but I'm just gonna land it on the trunk.

Comment 14

14 years ago
Shouldn't there also be some nibs and images attached? Or did you really do
everything in code?

Comment 15

14 years ago
I have a bunch of new nibs but I see little point in attaching them. There are a
few new images; only one (the certificate icon) you've seen :)

Comment 16

14 years ago
Patch checked in.
Last Resolved: 14 years ago
Resolution: --- → FIXED
Comment on attachment 194987
Patch to implement various security/cert dialogs

>+  NSString* titleString   = NSLocalizedStringFromTable(@"PKCS12BackupPasswordTitle", @"CertificateDialogs", @"");
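
Review bot: the third argument to NSLocalizedStringFromTable on this line is an empty string (@""), so the PKCS12BackupPasswordTitle entry in the CertificateDialogs table carries no comment for localizers. Consider passing a short description of where this title appears instead of @"".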

Why use NSLocalizedStringFromTable instead of just NSLocalizedString ?

>Index: src/security/

>+- (void)dealloc
>+  NSLog(@"dealloc %@", self);

This NSLog has been checked in ...

Comment 18

14 years ago
(In reply to comment #17)
> (From update of attachment 194987)
> >+  NSString* titleString   =
NSLocalizedStringFromTable(@"PKCS12BackupPasswordTitle", @"CertificateDialogs",
> Why use NSLocalizedStringFromTable instead of just NSLocalizedString ?

Because I wanted to keep all the security strings in a separate .strings file;
it seemed like the right thing to do.
> >Index: src/security/
> >+- (void)dealloc
> >+{
> >+  NSLog(@"dealloc %@", self);
> This NSLog has been checked in ...

I'll do a round of cleanup and remove this.


14 years ago
Keywords: fixed1.8