Closed
Bug 184052
Opened 22 years ago
Closed 22 years ago
public key certificates erroneously rendered as text
Categories
(Core Graveyard :: Security: UI, defect, P3)
Tracking
(Not tracked)
CLOSED
INVALID
People
(Reporter: hauser, Assigned: ssaux)
References
()
Details
Attachments
(1 file)
|
20.13 KB,
image/jpeg
|
Details |
When I go on my .cer URL, I immediately get the following screen
Build 2002112304
Hi, I put my certificates (also http://www.privasphere.org/keys/x509/RHpub.p7b)
on my website.
When I click on those URLs with MSIE6, it correctly starts its certificate
manager. When I do the same with Mozilla, it displays lots of awkward carets.
Luckily, when I use "Save Page As", it still suggest it to be a text page, but
at least doesn't lose the 8th bit, and stores it under the proper filename
extension.
So, "it works", but it is definitely not user-friendly and requires some
unnecessary extra steps.
Side Note:
When I then see the file then e.g. on the windows desktop and right-click "Open
With" and take Mozilla, Mozilla correctly invokes its certification manager that
tells me that the certificate is already installed.
|
||
Comment 1•22 years ago
|
||
Reporter:
Please read the component description. Security:general is onyl for security
holes and not for SSL/TLS, certificate handling
-> PSM
Assignee: mstoltz → ssaux
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: bsharma → junruh
Version: Trunk → unspecified
|
|
||
Comment 2•22 years ago
|
||
Reporter:
Can you please correct the mime-type for this key ?
Currently the server sends text/plain and mozilla can of course render
text/plain in the browser window.
IE is broken in this case..
-> invalid
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
|
Reporter | |
Comment 3•22 years ago
|
||
Thx for the hint
When telling apache "AddType application/pkix-cert .cer .p7b" Mozilla claims it
got an "application/x-x509-ca-cert"?
Also, it defaults to "Open with CERFile" that brings me down the Microsoft Path.
What is the right MIME type to take for a .cer file to get my certificate as
smoothely into Mozilla's PSM as possible?
For GPG/PGP I took:
application/pgp-keys .asc .pgp
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
|
||
Updated•22 years ago
|
Priority: -- → P3
Version: unspecified → 2.4
|
||
Comment 4•22 years ago
|
||
Mozilla and Microsoft products use different MIME content types for
downloading certificates.
If I'm not mistaken, Microsoft uses the type application/pkix-cert for all
certificates, regardless of the type of certificate.
Mozilla and Netscape browsers use different mime content types for CA
certs, for one's own email cert, and for other users' email certs.
The mime types used in Netscape and mozilla browsers are documented here
http://wp.netscape.com/eng/security/comm4-cert-download.html#communicator
If you download a cert with the mime content type used by Microsoft, the cert
will get imported into Microsoft's cert store. If you download a cert using
one of the MIME content types used by Mozilla/Netscape, the cert will be
imported into mozilla/Netscape's cert store.
Status: REOPENED → RESOLVED
Closed: 22 years ago → 22 years ago
Resolution: --- → INVALID
|
|
Reporter | |
Comment 5•22 years ago
|
||
OK, I understand - it would be great if you could tell me which file is called
by Mozilla when it does the "Open with CERFile" option. Thanks
Status: RESOLVED → CLOSED
|
|
Reporter | |
Comment 6•22 years ago
|
||
an subsequently, the mircrosoft key-management is opened even though if I click
on "Advanced" no application appears to be pre-selected.
|
||
Comment 7•22 years ago
|
||
Ralf, I'm surprised by that screen shot.
Could you go to Edit/Preferences/Navigator/Helper Applications and check whether
in your Mozilla profile, there is a mapping defined for that mime type?
If it is, did you do that yourself?
If you have it, can you remove it?
However, if you don't have a mapping defined there, that would really surprise
me. It would mean that something else is disturbing Mozilla's mime type handling.
|
|
Reporter | |
Comment 8•22 years ago
|
||
Kai, there is no mime type in Edit/Preferences/Navigator/Helper Applications,
Nelson's http://bugzilla.mozilla.org/show_bug.cgi?id=184649#c2 most likely
explains this behaviour.
|
|
||
Comment 9•22 years ago
|
||
The screen shot shows a download of a Netscape cert MIME type being sent to
an exteran cert manager application. AFAIK, that's never been the expected
behavior. If it was sending a Microsoft mime type to the microsoft cert
manager, I'd understand that. I think the only way that mozilla would send
a Netscape cert mime type to an external cert manager is if mozilla's table
of known MIME types has been clobbered somehow. I think that was the point
of Kai's comment above.
|
|
Reporter | |
Comment 10•22 years ago
|
||
Just got the newest build 2002121008 and it (CERFile) still happens. But be
aware that the above cer is still sent as application/pkix-cert by my server.
But if you still think my mime types of Mozilla are clobbered where would I look
for this?
|
|
||
Comment 11•22 years ago
|
||
OK, Now I see what's happening. Win2K is apparently a little different than
older versions of Windows in the handling of certain MIME types and file name
extensions. In the registry,
- each MIME type points to a file name extension,
- each file name extension points to both
a) a file type class (e.g. "CERFile") and
b) a MIME type
- each file type class points to
a) a file type name (e.g. "Security Certificate")
b) a default icon for this file type,
c) one or more applications, e.g. one for "open", one for Add, etc.
For example:
\HKEY_CLASSES_ROOT\MIME\Database\Content Type\Application\pkix-cert
points to extension .cer
\HKEY_CLASSES_ROOT\.cer
points to file type class "CERFile"
and to content content type application/x-x509-CA-cert
(This is different than older Windows versions, I think.
Older versions pointed to application/pkix-cert, I believe.)
\HKEY_CLASSES_ROOT\CERFile
contains the file type name string "Security Certificate", and
the default icon "%SystemRoot%\System32\cryptui.dll,-3410", and
the "shell" open command "rundll cryptext.dll,CryptExtOpenCER %1"
So, what's happening in your case is that your server is downloading type
application/pkix-cert. Mmozilla does NOT recognize or intercept that MIME
type, so it looks in the registry to see what to do with that MIME type,
and it finds that it should run an application. So a dialog appears that
shows you these things:
- the CERFile file name type "Security Certificate"
- the CERFile default icon
- the mime type to which the .cer file name extension points
(which is NOT the mime type that your server gave.)
- the option to open the file using the file type class "CERFile"
(which you probably never heard of before, and wasn't too helpful.
Showing the rundll command might have been more helpful.)
The bottom line here is that mozilla handled it exactly the way Windows'
registry told it to handle application/pkix-cert. If you want mozilla to
put the cert in mozilal's registry, use one of mozilla's known mime types.
Mozilla's file download dialog should show the MIME type that the server
gave, not the MIME type in WIndows' registry to which the file name extension
points, because they are often not the same. That was the source of the
confusion here. If the dialog had shown the server's MIME type, this all
would have been much clearer from the start.
So, I'd say there IS a bug here, but it's not a PSM bug. It's a bug in
mozilla's file download dialog. Please open a new bugzilla bug about that.
You can cite the info in this comment as the bug details.
|
|
Reporter | |
Comment 12•22 years ago
|
||
Thanks for all the detective work, it's posted in
http://bugzilla.mozilla.org/show_bug.cgi?id=184971
|
||
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•