firefox 1.0.6 locks up while importing PKCS12 with no friendly name




13 years ago
2 years ago


(Reporter: rmdugal, Unassigned)


Windows 2000

Firefox Tracking Flags

(Not tracked)


(Whiteboard: [kerh-brz])



13 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.10) Gecko/20050809 Firefox/1.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.10) Gecko/20050809 Firefox/1.0.6

I am testing a PKCS #10 provider that I am developing and I try to import some
PKCS12 files into the token of my provider. The PKCS12 files do not contain a
friendly name. When I import the first file, Firefox generates a nickname of 
"Imported Certificate". When I try to import a second file Firefox enters an
endless loop and locks up. 

The problem is that Firefox generates a nickname by looking in the internal
token to see if the nickname is unique, then when importing into my token it
realizes the nickname is not unique, retries generating a nickname but it is the
same as last time, etc. 

The problem is occurring in sec_pkcs12_validate_cert_nickn­ame() 

Reproducible: Always

Steps to Reproduce:
Reproducing this problem requires the installation of another PKCS11 provider
which supports token storage.

1. open the options dialog from "tools/options" menu
2. in the advanced options click on "Manage Certificates" button
3. in the "Your Certificates" tab click on the "import" button
4. when prompted for which token to import the file into, select the other
provider. ie) not into NSS's internal token
5. import a pkcs12 file that does not contain a friendly name, enter password,
etc. this should be successfull first time.
6. try again with another pkcs12 file that also doesn't contain a friendly name.

Actual Results:  
Firefox will lock up.

Expected Results:  
should successfully import the pkcs12 files

pkcs12 files which can be used to reproduce the problem can be downloaded from here:

Direct Link URL:
Alternate URL:

Direct Link URL:
Alternate URL:
*** Bug 304314 has been marked as a duplicate of this bug. ***

Comment 2

13 years ago
Changed product to Core:Security: PSM.
Assignee: nobody → kaie.bugs
Component: Preferences → Security: PSM
Ever confirmed: true
Product: Firefox → Core
QA Contact: preferences
Version: unspecified → Trunk

Comment 3

13 years ago
I forgot to mention that the CertificateRequest message also includes a list 
of certificate authorities. The client certificate returned by Firefox should 
be issued by one of the server's listed CAs and it should match the 

Comment 4

13 years ago
****! ignore the comment posted about CertificateRequest message also includes 
a list of certificate authorities. I was refering to a different bug!


13 years ago
Whiteboard: [kerh-brz]
QA Contact: psm

Comment 5

6 years ago
reassign bug owner.
Assignee: kaie → nobody
I believe this has been fixed. Firefox handles these nickname collisions here:
Last Resolved: 2 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.