Closed
Bug 491698
Opened 15 years ago
Closed 8 years ago
Firefox silently fails to import a bogus P12 certificate file
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: camachorm, Unassigned)
References
Details
(Whiteboard: [psm-cert-manager])
Attachments
(1 file)
3.47 KB,
application/octet-stream
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729) Hello guys, I've just created an application that generates .p12 certificates. I can import them correctly onto the windows keystore with no problem and all the extensions are there as well as the information. Before you ask yes I am sure I'm using the proper password! ;-) Password is 123456. I'm attaching the p12 file to this question. Can anyone see a reason to why this isnt imported by FF? Thanks in advance! Reproducible: Always Steps to Reproduce: 1. Open up the Tools->Options menu, and go into the Advanced->Encryption->View Certificates screen 2. Click the import button and use the screen to select the appropriate P12 file Actual Results: The dialog disappears and no action seems to be performed, no error message, and the certificate was not imported. Expected Results: The certificate should have been added to the keystore. I'd like to attach the p12 file that is causing this behaviour for your analysis but I'm unsure as to how to do it in bugzilla, I'll try later to add it to the bug however.
Reporter | ||
Comment 1•15 years ago
|
||
Updated•15 years ago
|
Assignee: nobody → kaie
Component: Security → Security: PSM
Product: Firefox → Core
QA Contact: firefox → psm
Comment 2•15 years ago
|
||
In the Certificate Manager window, which tab are you using? Probably "Servers". Try importing from the "Your Certificates" tab.
Reporter | ||
Comment 3•15 years ago
|
||
I tried importing to all types of certificates, although the goal was to import into the 'Your Certificates' tab. None worked.
Reporter | ||
Updated•15 years ago
|
Severity: major → critical
Comment 4•15 years ago
|
||
While investigating this, I found (at least) 3 separate problems (so far). Two of them are NSS bugs. One is that PSM doesn't report an error in some cases where NSS does report an import failure. I'm going to leave this bug as a PSM bug about that last problem, and file some additional NSS bugs about the NSS bugs.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: When I import a P12 certificate file I get no error message and the certificate isnt imported → Firefox silently fails to import a P12 certificate file
Version: unspecified → 1.9.0 Branch
Comment 5•15 years ago
|
||
OK, This pkcs`12 file is bogus. The wrapped private key does not have the same modulus as the modulus in the public key in the cert. In other words, that private key is not the private key that goes with that cert. The PKCS12 import code was correct, IMO, to not import it. So, this bug is not that it failed to import, but rather that the failure was silent. I wonder if the NSS patch for bug 492131 will suffice to fix this.
Summary: Firefox silently fails to import a P12 certificate file → Firefox silently fails to import a bogus P12 certificate file
Reporter | ||
Comment 6•15 years ago
|
||
You are right Nelson, I just noticed it myself and was about to post this information. The creation of the file, implied communicating with the CA through a webservice, and the application was sending the wrong certificate ID thus wrongly merging the certificates. I dont have the time to test the NSS patch you refer at the moment but I'll keep it in mind. I agree with you that NSS should not have imported the file, but the lack of message can be disturbing.
Updated•14 years ago
|
Assignee: kaie → nobody
Whiteboard: [psm-cert-manager]
The current behavior I'm seeing is the "... failed for an unknown reason" dialog (which isn't great, but at least this isn't a silent failure any more).
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•