Closed Bug 492370 Opened 13 years ago Closed 10 years ago

Certificate exceptions sometimes not found

Categories

(Core :: Security, defect)

x86
Windows XP
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 659736

People

(Reporter: Siyivan, Unassigned)

References

(Depends on 1 open bug)

Details

Attachments

(1 file, 1 obsolete file)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090510 Firefox/3.6a1pre

When accessing a page with a self-signed certificate for which an exception has been added, _sometimes_ firefox 'forgets' the exception and show "This connection is untrusted message".
When going to readd it, it's remembered and you're not allowed to add the exception (so it's not that the exception were deleted from the store).

See attached screenshot.

Workaround: Choose to add the exception, get firefox to realise it knows the certificate, cancel window, reload https page.


Reproducible: Always
Attachment #376723 - Attachment is obsolete: true
This issue is still in Firefox 7.0.1 (Windows 7 64 bit). Please deliver a fix.
When you've added a permanent exception for a self-signed certificate this is sometimes forgotten at random times. The page that the certificate is self-signed is shown
and when you want to add the exception again it shows that the certificate is valid, yet you can't continue and you can't add the exception. The only way to quickly solve it is by killing firefox.exe.

Possibly related or the same:
https://bugzilla.mozilla.org/show_bug.cgi?id=524500
https://bugzilla.mozilla.org/show_bug.cgi?id=457573
I don't what the issue was in 2009.

The additional issue described in 2011 sounds like a dupe of 660749.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: CVE-2011-0082
Let's see whether the fix for bug 660749 fixes this issue, before we mark that it is a duplicate.
Status: RESOLVED → REOPENED
Depends on: CVE-2011-0082
Ever confirmed: true
Resolution: DUPLICATE → ---
What was "added" in 2011? The content of comment 4? You can even view it in the screenshot how the button to add the exception was disabled.

Niels, did you test the workaround that I mentioned?

I'm not sure the fix for bug 660749 would fix it other than by chance when touching related code. It is for "trusting less" stored certificates, this is due to "not trusting enough" (not finding the cert).
The "valid and invalid at the same time" issue is now bug 659736.
Status: REOPENED → RESOLVED
Closed: 10 years ago10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 659736
You need to log in before you can comment on or make changes to this bug.