UTF8 characters in client certificate not displayed correctly from Firefox cert store

RESOLVED INVALID

Status

Core Graveyard
Security: UI
RESOLVED INVALID
9 years ago
a year ago

People

(Reporter: Mike, Assigned: kaie)

Attachments

(3 attachments)

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4

I have created an X.509 v3 client certificate using OpenSSL.

The CN and OU field contain UTF8 characters, in this case Thai
characters for testing purposes.

When I import this certificate into the Windows certificate store it
shows all fields correctly, i.e. I can actually see the Thai characters
I used.

However when I import the certificate into Firefox (3.04) and view the
certificate subject from Firefox (tools->options->advanced->view
certificates->view->details) then the UTF8 characters are not shown
correctly.

Result: http://www.vandersman.org/certstore.PNG 

Server-side, the certificate subject is interpreted correctly for
authentication purposes when I use Firefox to go to a server to
authenticate against.

The used certificate in DER and PEM file format can be found here:
www.boraxx.nl/Mozilla/Thai.der
www.boraxx.nl/Mozilla/Thai.crt

The required CA chain can be found here:
www.boraxx.nl/Mozilla/ChainUCAcert.pem 

Reproducible: Always

Steps to Reproduce:
1. Create a certificate using Thai characters using the OpenSSL libs
2. Import the certificate into the browser

Actual Results:  
http://www.vandersman.org/certstore.PNG 


Additional information can be found here:
http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/5656b0d3fd765547

Likely ties to bug: https://bugzilla.mozilla.org/show_bug.cgi?id=234856

In many cases we've found that the strings aren't being properly identified in the certificate as UTF8 strings, but whether this is our bug or not, I'll move it to the component that tracks this UI.
Assignee: nobody → kaie
Component: Security → Security: UI
Product: Firefox → Core
QA Contact: firefox → ui

Comment 2

9 years ago
Created attachment 354934 [details]
www.boraxx.nl/Mozilla/Thai.der

Comment 3

9 years ago
Created attachment 354935 [details]
www.boraxx.nl/Mozilla/Thai.crt

Comment 4

9 years ago
Created attachment 354936 [details]
http://www.vandersman.org/certstore.PNG

Comment 5

9 years ago
so. for the time being, I'm going to resolve this as invalid.
you've removed the chain (which is unfortunate) and nelson indicates in the thread:

> The CN and OU attributes in that cert, which (as I understand it) you 
> have said are UTF8 strings, are not encoded as UTF8 strings.  That is, 
> the DER encoding in the certificate does not say they are UTF8 strings. 
> It says they are Teletex strings.  This is an improper encoding for 
> UTF8 strings. 

I believe it's our expectation that a proper CA would not sign such an invalid Certificate.

note that we kindly request that you attach the relevant files to bugzilla so that they are available later (to avoid the problem of a file such as http://www.boraxx.nl/Mozilla/ChainUCAcert.pem being missing).
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → INVALID
Product: Core → Core Graveyard
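
The resolution above rests on the DER tag declared for the CN and OU values (TeletexString rather than UTF8String). As an added example, not part of the original bug or of Mozilla's code, the following Python walks a DER-encoded Name and flags values whose bytes are well-formed non-ASCII UTF-8 under a single-byte string tag. The sample Name and the helper names are constructed here and are not taken from Thai.der.

```python
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString",
               0x14: "TeletexString", 0x16: "IA5String"}
ATTR_OIDS = {b"\x55\x04\x03": "CN", b"\x55\x04\x0b": "OU"}  # 2.5.4.3, 2.5.4.11

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # yield (tag, value) for each element nested in value
    pos = 0
    while pos < len(value):
        tag, inner, pos = read_tlv(value, pos)
        yield tag, inner

def looks_like_utf8(raw):  # heuristic: non-ASCII bytes that are well-formed UTF-8
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return any(b > 0x7F for b in raw)

def audit_name(name_der):
    """Return (attribute, declared type, flagged); flagged = UTF-8 under a 1-byte tag."""
    _, rdns, _ = read_tlv(name_der, 0)
    findings = []
    for _, rdn in children(rdns):      # SET OF AttributeTypeAndValue
        for _, atv in children(rdn):   # SEQUENCE { type OID, value }
            (_, oid), (vtag, raw) = list(children(atv))[:2]
            bad = vtag in (0x13, 0x14, 0x16) and looks_like_utf8(raw)
            findings.append((ATTR_OIDS.get(oid, oid.hex()),
                             STRING_TAGS.get(vtag, hex(vtag)), bad))
    return findings

def tlv(tag, value):  # helper for the constructed sample (short lengths only)
    return bytes([tag, len(value)]) + value
THAI = "\u0e17\u0e14\u0e2a\u0e2d\u0e1a".encode("utf-8")  # constructed Thai sample text
SAMPLE_NAME = tlv(0x30, b"".join(  # CN as TeletexString, OU as UTF8String
    tlv(0x31, tlv(0x30, tlv(0x06, oid) + tlv(stag, THAI)))
    for oid, stag in ((b"\x55\x04\x03", 0x14), (b"\x55\x04\x0b", 0x0C))))
```

On the constructed sample, the CN is flagged because its UTF-8 bytes sit under the TeletexString tag, while the OU with the same bytes under UTF8String is not.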