Closed Bug 225849 Opened 21 years ago Closed 8 years ago

permanently remembering certificate does not work IN FIPS MODE if master password has not been entered

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
Other Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: brant, Unassigned)

References

Details

(Whiteboard: [kerh-coz] FIPS) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007

If there is a master password set and a Web or e-mail connection is made via SSL
and the content provider's certificate is not issued by the a priori trusted
certificate issuers, a prompt to cancel the connection, accept the certificate
permanently, or accept it temporarily is given.  If the master password has not
been entered during the session, the permanent certificate option does not work.

Reproducible: Always

Steps to Reproduce:
1. Enable FIPS mode and enter a master password.
2. Exit Mozilla to make sure you are not logged in with the master password.
3. Open Mozilla and navigate to an SSL-enabled site whose certificate provider
is not in the a priori trusted list.
4. Select the permanent certificate option.
Actual Results:  
The dialog continues to ask what to do with the certificate.

Expected Results:  
I should be prompted for the master password as I am with the temporary option.

If it makes a difference, I am in FIPS mode.
This has been reproduced on Windows XP Pro SP1 with both Mozilla 1.5 stable,
Firebird nightlies, and Thunderbird nightlies.
Assignee: ssaux → kaie
Yes, I believe FIPS mode is the explanation for this behavior.
Assignee: kaie → nobody
Product: PSM → Core
Whiteboard: [kerh-coz]
Sounds like it should be prompting for the master password in this case.
Summary: permanently remembering certificate does not work if master password has not been entered → permanently remembering certificate does not work IN FIPS MODE if master password has not been entered
Whiteboard: [kerh-coz] → [kerh-coz] FIPS
QA Contact: bmartin → ui
This may or may not be a PSM problem, per se', but the PSM developer 
will know how to propel this bug towards a solution.
Assignee: nobody → kengert
Component: Security: UI → Security: PSM
QA Contact: ui → psm
Looking at the bug history, I see that I've brought it back full circle to Kai.
Sorry, Kai.  
CC'ing Johanthan Nightingale.  

Johnathan, maybe you can help by identifying which code (if not in PSM) needs 
to be changed to add additional master password prompts needed in this case.
reassign bug owner.
mass-update-kaie-20120918
Assignee: kaie → nobody
From what I'm seeing right now, Firefox can't even visit an https site in FIPS mode if the master password isn't entered.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.