Closed Bug 272591 Opened 20 years ago Closed 19 years ago

Camino cannot import home-made SSL Root Certificates

Categories

(Camino Graveyard :: General, defect, P3)

Product:
Camino Graveyard
Component:
General
Platform:
PowerPC
macOS
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Camino1.0

People

(Reporter: hauke, Assigned: sfraser_bugs)

References

Details

(Keywords: fixed1.8) 

User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8a5) Gecko/20041123 Camino/0.8+
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8a5) Gecko/20041123 Camino/0.8+

(1) Camino is unable to get a root certificate from the keychain (Safari uses it
just fine).
(2) OTOH, unlike Mozilla, Camino does not have a way of importing, managing and
viewing both webserver and root certificates. Better: It may have the guts for
it, but no UI. Even when it asks you if it should accept a server certificate,
you cannot preview the details.

Reproducible: Always
Steps to Reproduce:
1. Create a home-made SSL CA, and sign a cert for your webserver key with it.
2. Import the CA cert into the keychain, verify with Safari by accessing your
webserver.
3. Find that when you go tho said webserver with Camino, it bitches about an
unknown certificate which you now can accept but not pre-view. Look through the
prefs and see that there is nothing like Mozilla's Certificate Manager.

Actual Results:  
You have to blindly accept or refuse the certificate that the server offers you. 

Expected Results:  
Go to the Keychain for SSL certificates, both Root CA and server certs.

Not being able to use a home-made CA certificate is a showstopper for Camino in
mid-size groups as well as educational environments (TU Darmstadt, e.g., has
just set up its own Root CA).

Blindly accepting a server certificate without even the possibility of seeing a
fingerprint in advance is a security issue.
Confriming.
Blocks: 272606
Status: UNCONFIRMED → NEW
Ever confirmed: true
Just a few notes:

- Camino can use other certificates by copying the approriate files from the
mozilla directory. This works both with root and personal certificates (in fact
I'm using a TU-Darmstadt certificate here without problems and Camino already
has the approriate dialog to request the key for the personal certificate)

- It has to be decided whether Camino sticks with the mozilla keystore or
switches to the keychain of Mac OS X - The latter would be great because it
allows sharing of certificates with mail.app and Safari but it might not be
possible with the underlying Gecko engine and mozilla code.

I would rephrase the summary to "Functionality to import certificates missing".
Priority: -- → P3
Target Milestone: --- → Camino1.1
Patch in bug 151656 fixes this, I think (but not Keychain sharing).
Assignee: pinkerton → sfraser_bugs
Target Milestone: Camino1.1 → Camino1.0
Fixed by the checkin for bug 151656.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Keywords: fixed1.8
You need to log in before you can comment on or make changes to this bug.