Closed Bug 1592446 Opened 5 years ago Closed 5 years ago

SSL Client Certificate Selection list shows ALL certs instead of Certs that only match Server Acceptable CAs

Categories

(Firefox :: Untriaged, defect)

70 Branch
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 1590888

People

(Reporter: steven.brockman, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:70.0) Gecko/20100101 Firefox/70.0

Steps to reproduce:

  • Install multiple client certificates issued from two or more CAs.
  • Configure a Web Server to: require client certs and only accept certs from only one of the CAs above.
  • Attempt to connect to website

Actual results:

Firefox shows a list of ALL the Client Certs installed in the browser certificate store.

Expected results:

It should ONLY list in the (Certificate Selection) dialog dropdown the client certificates that were issued by the CA as configured on the web server "Acceptable CAs".

I verified this by using "openssl s_client" to list that the server is only returning the ONE CA.

Sample Output:
---
Acceptable client certificate CA names
/C=US/O=MyOrg/CN=MyOneCA
---

NOTE: This was working in previous Firefox versions.

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.