Closed Bug 184052 Opened 17 years ago Closed 17 years ago
public key certificates erroneously rendered as text
20.13 KB, image/jpeg
Build 2002112304 Hi, I put my certificates (also http://www.privasphere.org/keys/x509/RHpub.p7b) on my website. When I click on those URLs with MSIE6, it correctly starts its certificate manager. When I do the same with Mozilla, it displays lots of awkward carets. Luckily, when I use "Save Page As", it still suggest it to be a text page, but at least doesn't lose the 8th bit, and stores it under the proper filename extension. So, "it works", but it is definitely not user-friendly and requires some unnecessary extra steps. Side Note: When I then see the file then e.g. on the windows desktop and right-click "Open With" and take Mozilla, Mozilla correctly invokes its certification manager that tells me that the certificate is already installed.
Reporter: Please read the component description. Security:general is onyl for security holes and not for SSL/TLS, certificate handling -> PSM
Assignee: mstoltz → ssaux
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: bsharma → junruh
Version: Trunk → unspecified
Reporter: Can you please correct the mime-type for this key ? Currently the server sends text/plain and mozilla can of course render text/plain in the browser window. IE is broken in this case.. -> invalid
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID
Thx for the hint When telling apache "AddType application/pkix-cert .cer .p7b" Mozilla claims it got an "application/x-x509-ca-cert"? Also, it defaults to "Open with CERFile" that brings me down the Microsoft Path. What is the right MIME type to take for a .cer file to get my certificate as smoothely into Mozilla's PSM as possible? For GPG/PGP I took: application/pgp-keys .asc .pgp
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Mozilla and Microsoft products use different MIME content types for downloading certificates. If I'm not mistaken, Microsoft uses the type application/pkix-cert for all certificates, regardless of the type of certificate. Mozilla and Netscape browsers use different mime content types for CA certs, for one's own email cert, and for other users' email certs. The mime types used in Netscape and mozilla browsers are documented here http://wp.netscape.com/eng/security/comm4-cert-download.html#communicator If you download a cert with the mime content type used by Microsoft, the cert will get imported into Microsoft's cert store. If you download a cert using one of the MIME content types used by Mozilla/Netscape, the cert will be imported into mozilla/Netscape's cert store.
Status: REOPENED → RESOLVED
Closed: 17 years ago → 17 years ago
Resolution: --- → INVALID
OK, I understand - it would be great if you could tell me which file is called by Mozilla when it does the "Open with CERFile" option. Thanks
Status: RESOLVED → CLOSED
an subsequently, the mircrosoft key-management is opened even though if I click on "Advanced" no application appears to be pre-selected.
Ralf, I'm surprised by that screen shot. Could you go to Edit/Preferences/Navigator/Helper Applications and check whether in your Mozilla profile, there is a mapping defined for that mime type? If it is, did you do that yourself? If you have it, can you remove it? However, if you don't have a mapping defined there, that would really surprise me. It would mean that something else is disturbing Mozilla's mime type handling.
Kai, there is no mime type in Edit/Preferences/Navigator/Helper Applications, Nelson's http://bugzilla.mozilla.org/show_bug.cgi?id=184649#c2 most likely explains this behaviour.
The screen shot shows a download of a Netscape cert MIME type being sent to an exteran cert manager application. AFAIK, that's never been the expected behavior. If it was sending a Microsoft mime type to the microsoft cert manager, I'd understand that. I think the only way that mozilla would send a Netscape cert mime type to an external cert manager is if mozilla's table of known MIME types has been clobbered somehow. I think that was the point of Kai's comment above.
Just got the newest build 2002121008 and it (CERFile) still happens. But be aware that the above cer is still sent as application/pkix-cert by my server. But if you still think my mime types of Mozilla are clobbered where would I look for this?
OK, Now I see what's happening. Win2K is apparently a little different than older versions of Windows in the handling of certain MIME types and file name extensions. In the registry, - each MIME type points to a file name extension, - each file name extension points to both a) a file type class (e.g. "CERFile") and b) a MIME type - each file type class points to a) a file type name (e.g. "Security Certificate") b) a default icon for this file type, c) one or more applications, e.g. one for "open", one for Add, etc. For example: \HKEY_CLASSES_ROOT\MIME\Database\Content Type\Application\pkix-cert points to extension .cer \HKEY_CLASSES_ROOT\.cer points to file type class "CERFile" and to content content type application/x-x509-CA-cert (This is different than older Windows versions, I think. Older versions pointed to application/pkix-cert, I believe.) \HKEY_CLASSES_ROOT\CERFile contains the file type name string "Security Certificate", and the default icon "%SystemRoot%\System32\cryptui.dll,-3410", and the "shell" open command "rundll cryptext.dll,CryptExtOpenCER %1" So, what's happening in your case is that your server is downloading type application/pkix-cert. Mmozilla does NOT recognize or intercept that MIME type, so it looks in the registry to see what to do with that MIME type, and it finds that it should run an application. So a dialog appears that shows you these things: - the CERFile file name type "Security Certificate" - the CERFile default icon - the mime type to which the .cer file name extension points (which is NOT the mime type that your server gave.) - the option to open the file using the file type class "CERFile" (which you probably never heard of before, and wasn't too helpful. Showing the rundll command might have been more helpful.) The bottom line here is that mozilla handled it exactly the way Windows' registry told it to handle application/pkix-cert. If you want mozilla to put the cert in mozilal's registry, use one of mozilla's known mime types. Mozilla's file download dialog should show the MIME type that the server gave, not the MIME type in WIndows' registry to which the file name extension points, because they are often not the same. That was the source of the confusion here. If the dialog had shown the server's MIME type, this all would have been much clearer from the start. So, I'd say there IS a bug here, but it's not a PSM bug. It's a bug in mozilla's file download dialog. Please open a new bugzilla bug about that. You can cite the info in this comment as the bug details.
Thanks for all the detective work, it's posted in http://bugzilla.mozilla.org/show_bug.cgi?id=184971
You need to log in before you can comment on or make changes to this bug.