Closed Bug 492370 Opened 16 years ago Closed 13 years ago

Certificate exceptions sometimes not found

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 659736

People

(Reporter: Siyivan, Unassigned)

References

(Depends on 1 open bug)

Details

Attachments

(1 file, 1 obsolete file)

Untrusted certificate and valid certificate at the same time
42.92 KB, image/gif
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090510 Firefox/3.6a1pre When accessing a page with a self-signed certificate for which an exception has been added, _sometimes_ firefox 'forgets' the exception and show "This connection is untrusted message". When going to readd it, it's remembered and you're not allowed to add the exception (so it's not that the exception were deleted from the store). See attached screenshot. Workaround: Choose to add the exception, get firefox to realise it knows the certificate, cancel window, reload https page. Reproducible: Always
Attachment #376723 - Attachment is obsolete: true
This issue is still in Firefox 7.0.1 (Windows 7 64 bit). Please deliver a fix. When you've added a permanent exception for a self-signed certificate this is sometimes forgotten at random times. The page that the certificate is self-signed is shown
and when you want to add the exception again it shows that the certificate is valid, yet you can't continue and you can't add the exception. The only way to quickly solve it is by killing firefox.exe. Possibly related or the same: https://bugzilla.mozilla.org/show_bug.cgi?id=524500 https://bugzilla.mozilla.org/show_bug.cgi?id=457573
I don't what the issue was in 2009. The additional issue described in 2011 sounds like a dupe of 660749.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Let's see whether the fix for bug 660749 fixes this issue, before we mark that it is a duplicate.
Status: RESOLVED → REOPENED
Depends on: CVE-2011-0082
Ever confirmed: true
Resolution: DUPLICATE → ---
What was "added" in 2011? The content of comment 4? You can even view it in the screenshot how the button to add the exception was disabled. Niels, did you test the workaround that I mentioned? I'm not sure the fix for bug 660749 would fix it other than by chance when touching related code. It is for "trusting less" stored certificates, this is due to "not trusting enough" (not finding the cert).
The "valid and invalid at the same time" issue is now bug 659736.
Status: REOPENED → RESOLVED
Closed: 13 years ago13 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: