Closed Bug 1976531 Opened 10 months ago Closed 10 months ago

Firefox Android Client Certificate prompt not appearing when server sends Acceptable client certificate CA names

Categories

(Core :: Security: PSM, defect)

Firefox 140
defect


RESOLVED WORKSFORME

People

(Reporter: ga.gatti98, Unassigned)


Firefox for Android version 140.0.3 on Android 16 doesn't show the user the prompt to select a certificate for mTLS client authentication on certain websites.

How to reproduce:
(0. Turn on "Use third party CA certificates" in the secret settings)

  1. Install on the Android device the certificate from badssl.com (https://badssl.com/download/)
  2. Connect to https://client.badssl.com
  3. No certificate selection prompt is shown

Connecting to https://server.cryptomix.com instead shows the certificate selection prompt.

The only discriminating factor I was able to find between the two websites is that client.badssl.com returns a list of Acceptable CA names, as can be seen in the output of openssl s_client:

openssl s_client -connect client.badssl.com:443 -prexit
Connecting to 104.154.89.105
CONNECTED(00000003)
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
verify return:1
depth=1 C=US, O=Let's Encrypt, CN=R10
verify return:1
depth=0 CN=*.badssl.com
verify return:1
---
Certificate chain
 0 s:CN=*.badssl.com
   i:C=US, O=Let's Encrypt, CN=R10
   a:PKEY: RSA, 2048 (bit); sigalg: sha256WithRSAEncryption
   v:NotBefore: May 13 20:03:05 2025 GMT; NotAfter: Aug 11 20:03:04 2025 GMT
 1 s:C=US, O=Let's Encrypt, CN=R10
   i:C=US, O=Internet Security Research Group, CN=ISRG Root X1
   a:PKEY: RSA, 2048 (bit); sigalg: sha256WithRSAEncryption
   v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
subject=CN=*.badssl.com
issuer=C=US, O=Let's Encrypt, CN=R10
---
**Acceptable client certificate CA names
C=US, ST=California, L=San Francisco, O=BadSSL, CN=BadSSL Client Root Certificate Authority**
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Peer signature type: rsa_pkcs1_sha512
Peer Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 3438 bytes and written 1824 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Protocol: TLSv1.2
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 8BE7BEA88B6C93E4201670ECEF99AB717C9612071B03358316372ED8AC6E85CA
    Session-ID-ctx:
    Master-Key: 07DD263233E6A64AF32F9D9E39A4EB77D806AF76BAB1C5B8F528B213E5ED21BE244357AE68EE1FA024AC934D1ECE8A26
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 78 4f c9 97 ae 7b a1 86-d2 ea 20 f0 80 f6 63 b7   xO...{.... ...c.
    0010 - 55 91 6c d0 8d dd 04 24-e3 f9 b7 e5 81 0a 7a 65   U.l....$......ze
    0020 - 3a e8 ea 86 64 78 d8 d8-38 04 2a b3 81 21 00 c6   :...dx..8.*..!..
    0030 - 2a 67 77 d3 fd c4 33 6b-aa c0 f9 ca 0c d8 1f 5e   *gw...3k.......^
    0040 - e3 bf 15 32 4e 7b 01 4d-fc 6c 0d ee 9f 0d 95 e4   ...2N{.M.l......
    0050 - 2d bf 94 81 15 ac f3 bc-4c c1 39 7a 4e 1b 7b 76   -.......L.9zN.{v
    0060 - 90 fa f8 e3 66 df 53 5e-89 28 58 17 81 1a ea 37   ....f.S^.(X....7
    0070 - eb 8f 9e a3 03 08 14 5a-6e e8 52 65 a7 65 07 a8   .......Zn.Re.e..
    0080 - e0 fc 70 fe 21 09 13 fa-f3 0d 1c 9f 72 9a 4d b1   ..p.!.......r.M.
    0090 - cd da 7f 16 cb fd 75 2b-6f 0a 1b 8a fa b0 d6 f2   ......u+o.......
    00a0 - 31 ae 12 cf 3a 5b 98 dc-71 c0 74 cc 08 5a bf 43   1...:[..q.t..Z.C
    00b0 - 81 5d 1f 00 6c 96 f3 bc-e8 17 57 ae d8 7f f0 13   .]..l.....W.....

    Start Time: 1752079577
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
closed
---
(...)
---

while when connecting to server.cryptomix.com this list is not sent:

openssl s_client -connect server.cryptomix.com:443 -prexit
Connecting to 217.154.8.242
CONNECTED(00000003)
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
verify return:1
depth=1 C=US, O=Let's Encrypt, CN=R10
verify return:1
depth=0 CN=server.cryptomix.com
verify return:1
---
Certificate chain
 0 s:CN=server.cryptomix.com
   i:C=US, O=Let's Encrypt, CN=R10
   a:PKEY: RSA, 2048 (bit); sigalg: sha256WithRSAEncryption
   v:NotBefore: Jun 21 19:30:42 2025 GMT; NotAfter: Sep 19 19:30:41 2025 GMT
 1 s:C=US, O=Let's Encrypt, CN=R10
   i:C=US, O=Internet Security Research Group, CN=ISRG Root X1
   a:PKEY: RSA, 2048 (bit); sigalg: sha256WithRSAEncryption
   v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
subject=CN=server.cryptomix.com
issuer=C=US, O=Let's Encrypt, CN=R10
---
**No client certificate CA names sent**
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Peer signing digest: SHA256
Peer signature type: rsa_pss_rsae_sha256
Peer Temp Key: X25519, 253 bits
---
SSL handshake has read 3340 bytes and written 1794 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Protocol: TLSv1.2
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: B30C54C712E784B562034FF331C68D1922F505342F9BA328A01C0F29E518EEBC
    Session-ID-ctx:
    Master-Key: E8271B88F14FF88BC3AB7D28A29050810CEEFFE830B757CE380C18C3B9A973EBEF710B17508EA43D423D78880E989F6C
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - eb 2e 51 b7 ec 48 5c 86-5b b0 81 31 70 31 e0 d8   ..Q..H\.[..1p1..
    0010 - fc 38 25 02 e8 ac b7 e8-41 76 df dd 95 61 08 68   .8%.....Av...a.h
    0020 - 3e 18 25 bf 01 5f 43 e8-cf 88 74 b6 00 62 af 77   >.%.._C...t..b.w
    0030 - ad cd cd 23 2e ff d6 36-d5 d4 03 8b 62 df 91 a1   ...#...6....b...
    0040 - 26 cf 1a 0e bd 1c 61 c5-d8 1a df 97 35 14 86 91   &.....a.....5...
    0050 - 69 bf d6 cc 65 33 e1 64-93 f4 6d 25 0c d7 4a 0b   i...e3.d..m%..J.
    0060 - 94 eb ca dc dc 62 3d 19-9e bd d8 d8 04 57 5c 1d   .....b=......W\.
    0070 - df fb b2 22 d2 1a 63 07-03 bb 00 a1 85 06 3d d1   ..."..c.......=.
    0080 - 37 c6 44 d4 b8 68 82 98-dd 08 2c bf ce 10 c7 67   7.D..h....,....g
    0090 - 03 24 6e 02 df 44 fe 51-4f 4e 58 28 9d ef b1 7d   .$n..D.QONX(...}
    00a0 - 64 18 16 20 99 ac 3e e8-a1 2c d4 84 be 15 79 bc   d.. ..>..,....y.
    00b0 - 27 92 6a 5b e4 20 3e 52-9c e3 f4 3a 58 86 00 4a   '.j[. >R...:X..J
    00c0 - 85 40 37 bd 1e f4 d0 d7-6e 7d a5 5b 5f 0e 20 f3   .@7.....n}.[_. .

    Start Time: 1752080969
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
closed
---
(...)
---

I can also confirm that both Chrome 138 on Android 16 and Firefox 140.0.4 on Windows 11 allow the user to perform the certificate selection (Chrome correctly presents the android prompt on both websites).
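The difference the report turns on is the certificate_authorities field of the TLS 1.2 CertificateRequest message: the server lists the DER-encoded distinguished names of the CAs it accepts, and a client narrows its certificate picker to the installed certificates whose issuer name matches one of them; an empty list means any client certificate may be offered (RFC 5246, section 7.4.4). The following is an added example, not code from the bug or from Firefox or NSS. It builds a CertificateRequest body whose CA list names the BadSSL client root shown in the openssl output above, parses it back, and filters a constructed list of installed certificates by bytewise comparison of the DER issuer name. The DER helpers, the UTF8String encoding of attribute values, and the "installed" certificate list are assumptions made for the example (a real certificate's name may use PrintableString, which is exactly why the comparison has to be on the exact DER bytes rather than on a printed string).

```python
"""Added example (not from the bug, Firefox or NSS): how a TLS 1.2 client
narrows its certificate picker using CertificateRequest.certificate_authorities."""
import struct

# Attribute-type OIDs used in the names on this page (X.520).
OID = {"C": "2.5.4.6", "ST": "2.5.4.8", "L": "2.5.4.7",
       "O": "2.5.4.10", "OU": "2.5.4.11", "CN": "2.5.4.3"}


def _der_len(n: int) -> bytes:
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def _oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed, remaining arcs base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return _tlv(0x06, bytes(out))


def der_name(rdns) -> bytes:
    """X.501 Name: SEQUENCE of single-attribute RDN SETs.
    Assumption for this example: every value is encoded as UTF8String (tag 0x0C)."""
    rdn_bytes = b"".join(
        _tlv(0x31, _tlv(0x30, _oid(OID[attr]) + _tlv(0x0C, val.encode("utf-8"))))
        for attr, val in rdns)
    return _tlv(0x30, rdn_bytes)


def build_certificate_request(cert_types, sig_algs, ca_names) -> bytes:
    """TLS 1.2 CertificateRequest body (RFC 5246 s7.4.4):
    certificate_types<1..2^8-1>, supported_signature_algorithms<2^16-1>,
    certificate_authorities<0..2^16-1> (each DN is length-prefixed, 2 bytes)."""
    types = bytes([len(cert_types)]) + bytes(cert_types)
    algs = b"".join(bytes([h, s]) for h, s in sig_algs)
    cas = b"".join(struct.pack("!H", len(dn)) + dn for dn in ca_names)
    return (types + struct.pack("!H", len(algs)) + algs
            + struct.pack("!H", len(cas)) + cas)


def parse_certificate_request(body: bytes) -> dict:
    """Inverse of build_certificate_request, with length checks on the CA list."""
    pos = 0
    n = body[pos]
    pos += 1
    cert_types = list(body[pos:pos + n])
    pos += n
    (alg_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    sig_algs = [(body[i], body[i + 1]) for i in range(pos, pos + alg_len, 2)]
    pos += alg_len
    (ca_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    end = pos + ca_len
    if end > len(body):
        raise ValueError("certificate_authorities overruns message")
    ca_names = []
    while pos < end:
        (dn_len,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if pos + dn_len > end:
            raise ValueError("DistinguishedName overruns certificate_authorities")
        ca_names.append(body[pos:pos + dn_len])
        pos += dn_len
    return {"cert_types": cert_types, "sig_algs": sig_algs, "ca_names": ca_names}


def eligible_client_certs(ca_names, installed):
    """installed: list of (label, issuer_der). The match is on the exact DER bytes of
    the issuer name; an empty ca_names list means every certificate is a candidate."""
    if not ca_names:
        return [label for label, _ in installed]
    return [label for label, issuer in installed if issuer in ca_names]


# Constructed sample data: the BadSSL client root name from the openssl output
# above, plus a second CA that exists only in this example.
BADSSL_CLIENT_ROOT = der_name([("C", "US"), ("ST", "California"), ("L", "San Francisco"),
                               ("O", "BadSSL"), ("CN", "BadSSL Client Root Certificate Authority")])
OTHER_CA = der_name([("C", "US"), ("O", "Example Corp (constructed)"), ("CN", "Example Client CA")])
INSTALLED = [("badssl client cert", BADSSL_CLIENT_ROOT),
             ("example corp cert", OTHER_CA)]

# certificate_types rsa_sign(1), dss_sign(2), ecdsa_sign(64); sha256+rsa and sha256+ecdsa.
REQ_WITH_CAS = build_certificate_request([1, 2, 64], [(4, 1), (4, 3)], [BADSSL_CLIENT_ROOT])
REQ_NO_CAS = build_certificate_request([1, 2, 64], [(4, 1), (4, 3)], [])


def picker_candidates(req: bytes):
    return eligible_client_certs(parse_certificate_request(req)["ca_names"], INSTALLED)


if __name__ == "__main__":
    print(picker_candidates(REQ_WITH_CAS))  # only the BadSSL-issued certificate
    print(picker_candidates(REQ_NO_CAS))    # both, since no CA names were sent
```

With the CA list present only the certificate issued by the BadSSL client root is offered, which is the situation at client.badssl.com; with an empty list, as at server.cryptomix.com, every installed certificate is a candidate. When a picker does not appear even though a matching certificate is installed, checking that the installed certificate's issuer DER equals one of the names sent (rather than merely printing the same) is the first thing to verify.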

Status: UNCONFIRMED → RESOLVED
Closed: 10 months ago
Duplicate of bug: 1966565
Resolution: --- → DUPLICATE

It seems that in the latest Firefox Nightly build (142.0a1-20250708210138), despite this fix (https://hg-edge.mozilla.org/mozilla-central/rev/a972425ff5c8) being included, the issue is still present.

Status: RESOLVED → REOPENED
No longer duplicate of bug: 1966565
Ever confirmed: true
Resolution: DUPLICATE → ---
Depends on: 1966565

What build number are you using? Bug 1975296 comment 3 indicates it's fixed in Build #2016101503.

Flags: needinfo?(ga.gatti98)

I was running Firefox Nightly build #2016101503, but I forgot I had uninstalled the badssl.com certificate. That's why I wasn't prompted with the certificate picker. After installing it again, it works correctly. Sorry for wasting your time, and thanks for your patience!

On a side note, I think I have another problem with client certificates on Android:

A personal website of mine (unfortunately it's a private endpoint and I cannot share it) uses Cloudflare's mTLS feature for authentication, and returns this as its list of accepted CAs:

Acceptable client certificate CA names
C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., OU=www.cloudflare.com, CN=Managed CA ********************************
C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., OU=www.cloudflare.com, CN=Anchor CA ********************************

I have created two client certificates, which have the following attributes:
The first was created with a manually generated CSR:

subject=C=IT, ST=Redacted, L=Redacted, O=Redacted, OU=Redacted, CN=Redacted
issuer=C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., OU=www.cloudflare.com, CN=Managed CA ********************************

and the second was created via Cloudflare

subject=C=US, CN=Cloudflare (Note that no other attributes are filled)
issuer=C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., OU=www.cloudflare.com, CN=Managed CA ********************************

Having the first one installed correctly causes the certificate picker to show; on the other hand, having only the second one installed does not prompt the certificate selection (tested on Firefox Nightly build #2016101503). Both certificates work and correctly prompt for certificate selection in Chrome 138 on Android 16 and Firefox 140.0.4 on Windows 11.

Should I open another bug for this?

Flags: needinfo?(ga.gatti98)

Eh, this bug is already open and the title is relevant - we can go ahead and repurpose it. Does logcat show anything relevant when the prompt doesn't show up when you're expecting it?

Flags: needinfo?(ga.gatti98)

I am beginning to question myself because I was trying to gather the logs and the problem is not there anymore, both certificates now work. The only thing that changed is that the app got updated (Build number is now 2016101799), so maybe it was fixed in the meantime, or maybe I was doing something wrong when I reported the problem. Thanks for the patience, I guess this can be marked as solved.

Flags: needinfo?(ga.gatti98)

Ok - great! Feel free to reopen this or open a new bug if you encounter any issues.

Status: REOPENED → RESOLVED
Closed: 10 months ago
Resolution: --- → WORKSFORME