Closed
Bug 1590596
Opened 5 years ago
Closed 5 years ago
Firefox displays client certificate prompt when not appropriate
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1590888
People
(Reporter: bart, Unassigned)
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:70.0) Gecko/20100101 Firefox/70.0
Steps to reproduce:
- Configure an HTTPS site to send a TLS CertificateRequest message to the client with a list of Acceptable Client Certificate CA names. For example, an Apache server with "SSLVerifyClient optional_no_ca" and a reasonable "SSLCACertificateFile" directive in place.
- Load any client certificate into Firefox where this certificate is issued by a CA not in the list of Acceptable Client Certificate CA names from step 1
Actual results:
Firefox will prompt the user to select a client certificate to present to the HTTPS service even though none of the available client certificates is applicable because none are issued by an Acceptable Client Certificate CA.
Expected results:
This prompt should not be displayed unless the browser repository contains a certificate issued by one of the Acceptable Client Certificate CAs.
Note that this behavior is newly changed between Firefox versions 69 and 70
Comment 2•5 years ago
|
||
Bugbug thinks this bug should belong to this component, but please revert this change in case of error.
Component: Untriaged → Security: PSM
Product: Firefox → Core
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•