Closed Bug 424077 Opened 17 years ago Closed 17 years ago

Ff3 Beta 4 rejects server certificates (sec_error_inadequate_key_usage)

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

RESOLVED DUPLICATE of bug 427081

People

(Reporter: urilabob, Assigned: KaiE)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b4) Gecko/2008030714 Firefox/3.0b4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b4) Gecko/2008030714 Firefox/3.0b4

I generated a self-signed server certificate with XCA, pretty much following the defaults. It's accepted by all browsers I can find except FF3 and IE (I'm assuming the latter is due to well-documented SSL bugs in IE). FF3 gives:

sec_error_inadequate_key_usage

So maybe the certificate is wrongly configured? Well maybe. I'm sure not an expert. But XCA is... Plus, when I view the cert in FF3, it looks OK. It specifically disavows being a CA. It enables signing, non-repudiation and encipherment. It is set up as a Netscape server certificate. So what on earth is FF3 objecting to?

Note that I _expect_ FF3 to object to it being self-signed. I _expect_ to have to add it to my certificate stack. This isn't the issue I'm raising here. My problem is with the specific error code given, i.e. sec_error_inadequate_key_usage, not with the fact that the connection failed (and hopefully, with the proposed spiffy new error handling, when FF3 objects to my self-signed certificate, I will be able to - thoughtfully - click through and accept the certificate 8^).

Reproducible: Always

Steps to Reproduce:
1. point ff3 beta 4 at https://sc.snu.ac.kr/manhat-bin/doorstep
2. check certificate
3.

Actual Results: Fails to load with sec_error_inadequate_key_usage

Expected Results: Should have accepted the certificate use (I think), and then bombed me to the self-signed-certificate error handling.

Fails in FF3b4 on both windows and linux.
Summary: Ff3 Beta 4 rejects XCA self-signed server certificates → Ff3 Beta 4 rejects XCA self-signed server certificates (sec_error_inadequate_key_usage)
Firefox 2's warning dialog lets you override this error. Firefox 3's error page does not let you add an exception for this error. I think this is the change made in bug 407523, so it's intentional.
Blocks: 407523
Assignee: nobody → kengert
Component: Security → Security: PSM
OS: Windows XP → All
Product: Firefox → Core
QA Contact: firefox → psm
Hardware: PC → All
Version: unspecified → Trunk
Re #1: I think this is missing my point. I'm not bothered that SEC_ERROR_INADEQUATE_KEY_USAGE can't be overridden. What worries me here is why it's being raised at all. Sure, this certificate should raise SEC_ERROR_UNKNOWN_ISSUER. But what justifies raising SEC_ERROR_INADEQUATE_KEY_USAGE for this certificate? Bug 407523 is irrelevant to this issue. Note that this problem means FF3 will probably break all sites using XCA to set up SSCs. If there's really a problem with the key use here, then it means XCA needs a fix. But right now, my money is on the problem being with FF3's handling of the certificate.
In my understanding, NSS is strict about the key usage it requires for SSL connections. I remember a discussion where it has been proposed to add SEC_ERROR_INADEQUATE_KEY_USAGE to the list of error codes that PSM may allow to override. I forgot whether that would be acceptable or not.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Ff3 Beta 4 rejects XCA self-signed server certificates (sec_error_inadequate_key_usage) → Ff3 Beta 4 rejects server certificates (sec_error_inadequate_key_usage)
We should probably conduct a review of the errors for which overrides are, and are not, allowed. Considering that we allow overrides for FAR more egregious security errors, I think it's reasonable to allow overrides for SEC_ERROR_INADEQUATE_KEY_USAGE. As for why the cert gets that error, the answer is that the cert is self signed, therefore its key is used to verify the signature on itself. To validate its signature, it must have Key Usage that is consistent with certificate signing, and it must be a CA cert. It is neither.
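The condition described in the comment above can be checked before deploying a self-signed certificate. This is an added example, not part of the bug thread and not NSS code; it uses the Python `cryptography` package, and the host name and function names are hypothetical. It assumes, following RFC 5280, that a certificate without a basicConstraints extension is not a CA and that a certificate without a keyUsage extension has unrestricted usage.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID


def make_self_signed(ca, cert_sign):
    """Build a constructed self-signed test certificate (hypothetical host name)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "server.example.test")])
    start = datetime.datetime(2024, 1, 1)
    return (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name)  # subject == issuer: self-signed
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(start)
        .not_valid_after(start + datetime.timedelta(days=30))
        .add_extension(x509.BasicConstraints(ca=ca, path_length=None), critical=True)
        .add_extension(x509.KeyUsage(
            digital_signature=True, content_commitment=True, key_encipherment=True,
            data_encipherment=False, key_agreement=False, key_cert_sign=cert_sign,
            crl_sign=False, encipher_only=False, decipher_only=False), critical=True)
        .sign(key, hashes.SHA256())
    )


def self_signing_problems(cert):
    """List reasons the cert's own key is not allowed to verify its signature."""
    if cert.issuer != cert.subject:
        return []  # not self-issued: the issuer's certificate is checked instead
    problems = []
    try:
        bc = cert.extensions.get_extension_for_class(x509.BasicConstraints).value
        if not bc.ca:
            problems.append("basicConstraints: CA is FALSE")
    except x509.ExtensionNotFound:
        problems.append("basicConstraints: absent, so not a CA (assumption)")
    try:
        ku = cert.extensions.get_extension_for_class(x509.KeyUsage).value
        if not ku.key_cert_sign:
            problems.append("keyUsage: keyCertSign not asserted")
    except x509.ExtensionNotFound:
        pass  # no keyUsage extension: usage is unrestricted (assumption)
    return problems
```

A certificate built with `make_self_signed(ca=False, cert_sign=False)` matches the settings the reporter describes (not a CA; signing, non-repudiation and encipherment only) and yields both findings, while `make_self_signed(ca=True, cert_sign=True)` yields none.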
I think this bug is invalid. NSS is correctly diagnosing the inadequate key usage, IMO. The only remaining issue is whether we should allow that error to be overridden. That is the subject of bug 412277, which Kai filed for that very issue. I suggest that this bug be dup'ed against that one.
I have fixed the site along the lines implied by #5 and it now works - thanks Nelson. I have also raised the issue on the XCA forum, whether XCA's default server certificate needs to be changed. Accepting FF3's behaviour is correct (I'm not in a position to argue), it still raises a further issue relating to SEC_ERROR_INADEQUATE_KEY_USAGE: is this error message sufficiently informative? How many people are going to be left scratching their heads as to what is wrong, until they find a Nelson to tell them? I worry that the release of FF3 may divide the World into two classes of sites: those which have a security expert on tap and can comply with FF3's view of what constitutes valid certification; and the rest, which may be forced to drop SSL entirely. This doesn't seem a particularly desirable scenario. Is there any way FF3 could supply information as to _what_ it views as invalid about the certificate use, so that the semi-knowledgeable certificate owner can take reasonable steps to correct it? It's one thing to break sites that almost all current browsers accept as valid (IE didn't accept the previous certificate, but it doesn't accept the updated one either). It's another to do so without providing much explanation of what is wrong.
Bob, Thank you for confirming that when you fixed the key usage problems with your certificate, the diagnosis of those problems ceased. As for insufficient detail in error messages, If you google for the error messages, you'll find more. I gather you didn't do that. Mozilla's UI experts opine that these error messages contain far too much detail now. They would prefer that we just say "the cert didn't work". We've had to struggle to get this much detail into the messages. As for the world being divided, it already is divided into two groups:
- those who use valid certs issued by valid trusted CAs who really understand this PKI stuff, and
- those who don't.
The target for Mozilla browsers, (and IE too, IMO) is to work with properly issued certs from CAs that provide real authentication assurance. If someone who wants to play at being a CA manages to create a cert that works, that's great. But it's not the objective of the security software in the major browsers, IMO. It's beyond the scope of Mozilla browser error messages to educate those who don't understand the details of PKI on what it takes to do it right. There's a reason that trusted certificate issuers are called Authorities. :) There are CAs that offer FREE certs now, so there's really not much excuse left for using invalid certs.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID
> As for insufficient detail in error messages, If you google for the error
> messages, you'll find more. I gather you didn't do that.

Nelson, there's no need to be insulting. As I always do, I spent 2-3 days googling this before I put in a bug report. The problem is not that there isn't information out there. The problem is that there is way too much. The bulk of what there is on self-signed certificates says "don't make a self-signed certificate a CA certificate". Even much of the information on mozilla web sites says that (which is why I mentioned it in my original report).

> Mozilla's UI experts opine that these error messages contain far too much
> detail now. They would prefer that we just say "the cert didn't work".
> We've had to struggle to get this much detail into the messages.

I sympathise. But the UI experts are still flat wrong. This is going to cause huge pain when you release it, and it will just lead to sites saying "don't use ff3". There's nothing wrong with leaving essential debugging information out of the initial user interaction; there's everything in the world wrong with making it unavailable (and since you _do_ reflect the certificate you're seeing back to the user, what would be the difficulty in marking the fields you see as invalidly used in red?).

> The target for Mozilla browsers, (and IE too, IMO) is to work with properly
> issued certs from CAs that provide real authentication assurance. If someone
> who wants to play at being a CA manages to create a cert that works, that's
> great. But it's not the objective of the security software in the major
> browsers, IMO.

That was my point, two groups is too few. There are plenty of uses which require a reasonable level of security, but do not require bullet proof. In my case, some of my students are sysadmins for our university servers. So I don't want other students transiting those machines in the clear, thus I need SSL. Sure, the admins could still set up MITM attacks. But that would be more work than actually doing the assignments (plus I suspect it's beyond their ability).

> It's beyond the scope of Mozilla browser error messages to educate those
> who don't understand the details of PKI on what it takes to do it right.
> There's a reason that trusted certificate issuers are called Authorities. :)
> There are CAs that offer FREE certs now, so there's really not much excuse
> left for using invalid certs.

It simply doesn't remove the difficulty. Using a CA requires setting up a certification chain; from previous failed attempts at this, and what I've been able to google, it seems more complex than setting up an SSC.
It is now possible to override this error.
Resolution: INVALID → DUPLICATE
This bug becomes famous: http://www.golem.de/0804/59239.html (German, look at the end of the last paragraph on this first page of the article)