User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.10) Gecko/20050809 Firefox/1.0.6 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.10) Gecko/20050809 Firefox/1.0.6 I am testing a PKCS #10 provider that I am developing and I try to import some PKCS12 files into the token of my provider. The PKCS12 files do not contain a friendly name. When I import the first file, Firefox generates a nickname of "Imported Certificate". When I try to import a second file Firefox enters an endless loop and locks up. The problem is that Firefox generates a nickname by looking in the internal token to see if the nickname is unique, then when importing into my token it realizes the nickname is not unique, retries generating a nickname but it is the same as last time, etc. The problem is occurring in sec_pkcs12_validate_cert_nickname() Reproducible: Always Steps to Reproduce: Reproducing this problem requires the installation of another PKCS11 provider which supports token storage. 1. open the options dialog from "tools/options" menu 2. in the advanced options click on "Manage Certificates" button 3. in the "Your Certificates" tab click on the "import" button 4. when prompted for which token to import the file into, select the other provider. ie) not into NSS's internal token 5. import a pkcs12 file that does not contain a friendly name, enter password, etc. this should be successfull first time. 6. try again with another pkcs12 file that also doesn't contain a friendly name. Actual Results: Firefox will lock up. Expected Results: should successfully import the pkcs12 files pkcs12 files which can be used to reproduce the problem can be downloaded from here: Direct Link URL: http://home.ripway.com/2005-8/379730/sslsample_rsa.p12 Alternate URL: http://host.picturewizard.com/2005-8/379730/sslsample_rsa.p12 Direct Link URL: http://home.ripway.com/2005-8/379730/sslrsa.p12 Alternate URL: http://host.picturewizard.com/2005-8/379730/sslrsa.p12
*** Bug 304314 has been marked as a duplicate of this bug. ***
Changed product to Core:Security: PSM.
Assignee: nobody → kaie.bugs
Status: UNCONFIRMED → NEW
Component: Preferences → Security: PSM
Ever confirmed: true
Product: Firefox → Core
QA Contact: preferences
Version: unspecified → Trunk
I forgot to mention that the CertificateRequest message also includes a list of certificate authorities. The client certificate returned by Firefox should be issued by one of the server's listed CAs and it should match the CertificateRequestType.
****! ignore the comment posted about CertificateRequest message also includes a list of certificate authorities. I was refering to a different bug!
reassign bug owner. mass-update-kaie-20120918
Assignee: kaie → nobody
I believe this has been fixed. Firefox handles these nickname collisions here: https://dxr.mozilla.org/mozilla-central/rev/674a552743785c28c75866969aad513bd8eaf6ae/security/manager/ssl/nsPKCS12Blob.cpp#616
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.