Closed Bug 1590596 Opened 5 years ago Closed 5 years ago

Firefox displays client certificate prompt when not appropriate

Categories

(Core :: Security: PSM, defect)

70 Branch
defect
Not set
normal


RESOLVED DUPLICATE of bug 1590888

People

(Reporter: bart, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:70.0) Gecko/20100101 Firefox/70.0

Steps to reproduce:

  1. Configure an HTTPS site to send a TLS CertificateRequest message to the client with a list of Acceptable Client Certificate CA names. For example, an Apache server with "SSLVerifyClient optional_no_ca" and a reasonable "SSLCACertificateFile" directive in place.
  2. Load any client certificate into Firefox where this certificate is issued by a CA not in the list of Acceptable Client Certificate CA names from step 1.

Actual results:

Firefox will prompt the user to select a client certificate to present to the HTTPS service even though none of the available client certificates is applicable because none are issued by an Acceptable Client Certificate CA.

Expected results:

This prompt should not be displayed unless the browser repository contains a certificate issued by one of the Acceptable Client Certificate CAs.

Note that this behavior is newly changed between Firefox versions 69 and 70.
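
The filtering this report expects, as an added example that is not part of the bug report and is not Firefox code: it parses the `certificate_authorities` list from a TLS 1.2 CertificateRequest body (RFC 5246, section 7.4.4) and prompts only when a stored certificate chains to a listed CA. The names `build_request`, `usable_certificates`, `should_prompt`, the placeholder DN byte strings and the exact-byte DN comparison are assumptions made for illustration.

```python
import struct

def parse_certificate_authorities(body):
    """DER DistinguishedNames from a TLS 1.2 CertificateRequest body."""
    pos = 1 + body[0]                     # skip certificate_types<1..2^8-1>
    (sig_len,) = struct.unpack_from("!H", body, pos)
    pos += 2 + sig_len                    # skip supported_signature_algorithms
    (ca_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    end = pos + ca_len
    if end != len(body):
        raise ValueError("certificate_authorities length does not match body")
    names = []
    while pos < end:
        (n,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if n == 0 or pos + n > end:
            raise ValueError("malformed DistinguishedName entry")
        names.append(body[pos:pos + n])
        pos += n
    return names

def usable_certificates(store, acceptable):
    """store: (label, issuer DNs from the leaf's issuer up to the root)."""
    if not acceptable:                    # empty list: any certificate may be sent
        return [label for label, _ in store]
    wanted = set(acceptable)              # a listed name may be a root or subordinate CA
    return [label for label, chain in store if wanted.intersection(chain)]

def should_prompt(store, request_body):
    """Prompt only when at least one stored certificate is applicable."""
    names = parse_certificate_authorities(request_body)
    return bool(usable_certificates(store, names))

def build_request(ca_names):
    """Constructed sample body: rsa_sign type, one signature algorithm."""
    cas = b"".join(struct.pack("!H", len(n)) + n for n in ca_names)
    return b"\x01\x01" + b"\x00\x02\x04\x01" + struct.pack("!H", len(cas)) + cas

# Constructed placeholders standing in for DER-encoded Names.
CORP_CA = b"<DER Name: CN=Constructed Corp Client CA>"
OTHER_CA = b"<DER Name: CN=Constructed Other CA>"
STORE = [("personal-cert", [OTHER_CA])]   # issued by a CA the server does not list

if __name__ == "__main__":
    print(should_prompt(STORE, build_request([CORP_CA])))   # the case in this report
    print(should_prompt(STORE, build_request([OTHER_CA])))
```
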

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Security: PSM
Product: Firefox → Core
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE