Closed
Bug 304301
Opened 19 years ago
Closed 8 years ago
firefox 1.0.6 locks up while importing PKCS12 with no friendly name
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: rmdugal, Unassigned)
References
Details
(Whiteboard: [kerh-brz])
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.10) Gecko/20050809 Firefox/1.0.6 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.10) Gecko/20050809 Firefox/1.0.6 I am testing a PKCS #10 provider that I am developing and I try to import some PKCS12 files into the token of my provider. The PKCS12 files do not contain a friendly name. When I import the first file, Firefox generates a nickname of "Imported Certificate". When I try to import a second file Firefox enters an endless loop and locks up. The problem is that Firefox generates a nickname by looking in the internal token to see if the nickname is unique, then when importing into my token it realizes the nickname is not unique, retries generating a nickname but it is the same as last time, etc. The problem is occurring in sec_pkcs12_validate_cert_nickname() Reproducible: Always Steps to Reproduce: Reproducing this problem requires the installation of another PKCS11 provider which supports token storage. 1. open the options dialog from "tools/options" menu 2. in the advanced options click on "Manage Certificates" button 3. in the "Your Certificates" tab click on the "import" button 4. when prompted for which token to import the file into, select the other provider. ie) not into NSS's internal token 5. import a pkcs12 file that does not contain a friendly name, enter password, etc. this should be successfull first time. 6. try again with another pkcs12 file that also doesn't contain a friendly name. Actual Results: Firefox will lock up. Expected Results: should successfully import the pkcs12 files pkcs12 files which can be used to reproduce the problem can be downloaded from here: Direct Link URL: http://home.ripway.com/2005-8/379730/sslsample_rsa.p12 Alternate URL: http://host.picturewizard.com/2005-8/379730/sslsample_rsa.p12 Direct Link URL: http://home.ripway.com/2005-8/379730/sslrsa.p12 Alternate URL: http://host.picturewizard.com/2005-8/379730/sslrsa.p12
Comment 1•19 years ago
|
||
*** Bug 304314 has been marked as a duplicate of this bug. ***
Comment 2•19 years ago
|
||
Changed product to Core:Security: PSM.
Assignee: nobody → kaie.bugs
Status: UNCONFIRMED → NEW
Component: Preferences → Security: PSM
Ever confirmed: true
Product: Firefox → Core
QA Contact: preferences
Version: unspecified → Trunk
Reporter | ||
Comment 3•19 years ago
|
||
I forgot to mention that the CertificateRequest message also includes a list of certificate authorities. The client certificate returned by Firefox should be issued by one of the server's listed CAs and it should match the CertificateRequestType.
Reporter | ||
Comment 4•19 years ago
|
||
****! ignore the comment posted about CertificateRequest message also includes a list of certificate authorities. I was refering to a different bug!
Updated•19 years ago
|
Whiteboard: [kerh-brz]
Updated•17 years ago
|
QA Contact: psm
I believe this has been fixed. Firefox handles these nickname collisions here: https://dxr.mozilla.org/mozilla-central/rev/674a552743785c28c75866969aad513bd8eaf6ae/security/manager/ssl/nsPKCS12Blob.cpp#616
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•