Closed Bug 364583 Opened 19 years ago Closed 18 years ago

Error -12192 reported when visiting PKI protected website after 2.0.0.1 patch installed

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 364587

People

(Reporter: huck, Unassigned)

Details

User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9 Build Identifier: 2.0.0.1 Server environment - Apache 1.3.37, mod_ssl 2.2.28, OpenSSL 0.9.7l running on Linux x86 (Debian) After updating Firefox 2.0 with the 2.0.0.1 update, some websites that require client certificates no longer function. The client gets an error -12192, and the web server logs OpenSSL errors: OpenSSL: error:0407006A:rsa routines:func(112):reason(106) OpenSSL: error:04067072:rsa routines:func(103):reason(114) OpenSSL: error:1408807A:SSL routines:SSL3_GET_CERT_VERIFY:bad rsa signature Same website works with Firefox 1.5.0.9 or 2.0 without the patch. No changes, other than applying the 2.0.0.1 update, have occurred. A workaround that seems to work is to change the client security settings for presenting a client certificate from "Select one automatically" to "Ask me every time". Test client is Mac OSX 10.4.8 using a DoD CAC and USB card reader to supply client certificates. Unfortunately, access to an example website requires that the client have a DoD certificate so it may be hard for most developers to test. Reproducible: Always Steps to Reproduce: 1.Apply 2.0.0.1 update 2. 3. Actual Results: See details
The bug I see for 2.0.0.1 that seems to be the most related to this would be bug 328346. I'm looking at the list here: http://forums.mozillazine.org/viewtopic.php?t=494984 And that fix didn't go into 1.5.0.9.
I confirm the same problem with 2.0.0.2, both in Windows and Linux. I also confirm the workaround posted by Craig. It only happens when you enroll or import a certificate on the newer versions of Firefox. I have an older certificate (enrolled about 1 year ago) on my Firefox profile and I'm still able to authenticate myself with no problems at all.
I found myself with the same bug. Firefox version 2.0.0.2. rv:1.8.1.2 (Linux)
As an update to my previous comment #2, when my old certificate expired, I could positively authenticate myself with my new certificate. Could it be a key selection glitch?
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.