Closed Bug 184052 Opened 17 years ago Closed 17 years ago

public key certificates erroneously rendered as text

Categories

(Core Graveyard :: Security: UI, defect, P3)

1.0 Branch
x86
Windows 2000
defect

Tracking

(Not tracked)

CLOSED INVALID

People

(Reporter: hauser, Assigned: ssaux)

Attachments

(1 file)

Build 2002112304

Hi, I put my certificates (also http://www.privasphere.org/keys/x509/RHpub.p7b)
on my website.
When I click on those URLs with MSIE6, it correctly starts its certificate
manager. When I do the same with Mozilla, it displays lots of awkward carets.

Luckily, when I use "Save Page As", it still suggests it to be a text page, but
at least doesn't lose the 8th bit, and stores it under the proper filename
extension.
So, "it works", but it is definitely not user-friendly and requires some
unnecessary extra steps.

Side Note:
When I then see the file e.g. on the Windows desktop and right-click "Open
With" and take Mozilla, Mozilla correctly invokes its certification manager that
tells me that the certificate is already installed.
Reporter:
Please read the component description. Security:general is only for security
holes and not for SSL/TLS, certificate handling

-> PSM
Assignee: mstoltz → ssaux
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: bsharma → junruh
Version: Trunk → unspecified
Reporter:
Can you please correct the mime-type for this key ?
Currently the server sends text/plain and mozilla can of course render
text/plain in the browser window.

IE is broken in this case..

-> invalid
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID
Thx for the hint

When telling apache "AddType application/pkix-cert .cer .p7b" Mozilla claims it
got an "application/x-x509-ca-cert"?
Also, it defaults to "Open with CERFile" that brings me down the Microsoft Path.

What is the right MIME type to take for a .cer file to get my certificate as
smoothly into Mozilla's PSM as possible?

For GPG/PGP I took:
application/pgp-keys .asc .pgp
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Priority: -- → P3
Version: unspecified → 2.4
Mozilla and Microsoft products use different MIME content types for 
downloading certificates.  

If I'm not mistaken, Microsoft uses the type application/pkix-cert for all 
certificates, regardless of the type of certificate.  

Mozilla and Netscape browsers use different mime content types for CA
certs, for one's own email cert, and for other users' email certs.  
The mime types used in Netscape and mozilla browsers are documented here

http://wp.netscape.com/eng/security/comm4-cert-download.html#communicator

If you download a cert with the mime content type used by Microsoft, the cert 
will get imported into Microsoft's cert store.  If you download a cert using
one of the MIME content types used by Mozilla/Netscape, the cert will be
imported into mozilla/Netscape's cert store.
Status: REOPENED → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID
OK, I understand - it would be great if you could tell me which file is called
by Mozilla when it does the "Open with CERFile" option. Thanks
Status: RESOLVED → CLOSED
and subsequently, the Microsoft key-management is opened even though if I click
on "Advanced" no application appears to be pre-selected.
Ralf, I'm surprised by that screen shot.

Could you go to Edit/Preferences/Navigator/Helper Applications and check whether
in your Mozilla profile, there is a mapping defined for that mime type?

If it is, did you do that yourself?

If you have it, can you remove it?


However, if you don't have a mapping defined there, that would really surprise
me. It would mean that something else is disturbing Mozilla's mime type handling.
Kai, there is no mime type in Edit/Preferences/Navigator/Helper Applications,
Nelson's http://bugzilla.mozilla.org/show_bug.cgi?id=184649#c2 most likely
explains this behaviour.
The screen shot shows a download of a Netscape cert MIME type being sent to 
an external cert manager application.  AFAIK, that's never been the expected
behavior.  If it was sending a Microsoft mime type to the microsoft cert
manager, I'd understand that.  I think the only way that mozilla would send
a Netscape cert mime type to an external cert manager is if mozilla's table
of known MIME types has been clobbered somehow.  I think that was the point
of Kai's comment above.
Just got the newest build 2002121008 and it (CERFile) still happens. But be
aware that the above cer is still sent as application/pkix-cert by my server.
But if you still think my mime types of Mozilla are clobbered where would I look
for this?
OK, Now I see what's happening.  Win2K is apparently a little different than 
older versions of Windows in the handling of certain MIME types and file name
extensions.  In the registry, 
- each MIME type points to a file name extension,
- each file name extension points to both 
   a) a file type class (e.g. "CERFile") and 
   b) a MIME type
- each file type class points to 
   a) a file type name (e.g. "Security Certificate")
   b) a default icon for this file type,
   c) one or more applications, e.g. one for "open", one for Add, etc.  

For example:
   \HKEY_CLASSES_ROOT\MIME\Database\Content Type\Application\pkix-cert
        points to extension .cer
   \HKEY_CLASSES_ROOT\.cer 
        points to file type class "CERFile" 
           and to content type application/x-x509-CA-cert 
           (This is different than older Windows versions, I think.
            Older versions pointed to application/pkix-cert, I believe.)
   \HKEY_CLASSES_ROOT\CERFile
        contains the file type name string "Security Certificate", and
        the default icon "%SystemRoot%\System32\cryptui.dll,-3410", and
        the "shell" open command "rundll cryptext.dll,CryptExtOpenCER %1"

So, what's happening in your case is that your server is downloading type
application/pkix-cert.  Mozilla does NOT recognize or intercept that MIME
type, so it looks in the registry to see what to do with that MIME type,
and it finds that it should run an application.  So a dialog appears that
shows you these things:
  - the CERFile file name type "Security Certificate"
  - the CERFile default icon 
  - the mime type to which the .cer file name extension points 
    (which is NOT the mime type that your server gave.)
  - the option to open the file using the file type class "CERFile" 
    (which you probably never heard of before, and wasn't too helpful.
     Showing the rundll command might have been more helpful.)
 
The bottom line here is that mozilla handled it exactly the way Windows'
registry told it to handle application/pkix-cert.  If you want mozilla to
put the cert in mozilla's registry, use one of mozilla's known mime types.

Mozilla's file download dialog should show the MIME type that the server
gave, not the MIME type in Windows' registry to which the file name extension
points, because they are often not the same.  That was the source of the 
confusion here.  If the dialog had shown the server's MIME type, this all
would have been much clearer from the start.

So, I'd say there IS a bug here, but it's not a PSM bug.  It's a bug in 
mozilla's file download dialog.  Please open a new bugzilla bug about that.  
You can cite the info in this comment as the bug details.
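
The lookup chain described in the comment above, as an added example that is not part of the original bug comments or Mozilla's code: it models the quoted Windows 2000 registry entries as three tables and shows why the download dialog displayed a MIME type the server never sent. The table layout, the `resolve` function and the second and third entries of `BROWSER_CERT_TYPES` are assumptions made for illustration.

```python
# Constructed model of the Windows 2000 registry entries quoted in the comment
# above; the three-table layout is a simplification, not a registry export.
MIME_TO_EXT = {"application/pkix-cert": ".cer"}
EXT_INFO = {".cer": ("CERFile", "application/x-x509-CA-cert")}  # class, MIME
CLASS_INFO = {
    "CERFile": {
        "type_name": "Security Certificate",
        "icon": r"%SystemRoot%\System32\cryptui.dll,-3410",
        "open": "rundll cryptext.dll,CryptExtOpenCER %1",
    }
}
# Assumption: Netscape/Mozilla certificate download types handled by the
# browser itself. Only the first is named on this page.
BROWSER_CERT_TYPES = {
    "application/x-x509-ca-cert",
    "application/x-x509-user-cert",
    "application/x-x509-email-cert",
}


def resolve(server_mime):
    """Return how a download with this Content-Type would be dispatched."""
    mime = server_mime.split(";")[0].strip().lower()
    if mime in BROWSER_CERT_TYPES:
        return {"handler": "browser", "server_mime": mime}
    ext = MIME_TO_EXT.get(mime)
    if ext is None or ext not in EXT_INFO:
        return {"handler": "unknown", "server_mime": mime}
    file_class, ext_mime = EXT_INFO[ext]
    info = CLASS_INFO[file_class]
    return {
        "handler": "external",
        "server_mime": mime,
        "dialog_mime": ext_mime,  # what the download dialog displayed
        "file_class": file_class,
        "type_name": info["type_name"],
        "command": info["open"],
        # True when the dialog shows a type the server never sent
        "mime_mismatch": ext_mime.lower() != mime,
    }


if __name__ == "__main__":
    for sent in ("application/pkix-cert", "application/x-x509-ca-cert"):
        print(sent, "->", resolve(sent))
```
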
Thanks for all the detective work, it's posted in
http://bugzilla.mozilla.org/show_bug.cgi?id=184971
Product: PSM → Core
Version: psm2.4 → 1.0 Branch
Product: Core → Core Graveyard