Firefox on Vista does not give the correct error message when a client certificate is expired

RESOLVED INCOMPLETE
(NeedInfo from)

Status

()

Firefox
Security
RESOLVED INCOMPLETE
9 years ago
5 years ago

People

(Reporter: Paul, Unassigned, NeedInfo)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.3a1pre) Gecko/20090821 Minefield/3.7a1pre
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.3a1pre) Gecko/20090821 Minefield/3.7a1pre

If you connect to an SSL web server configured for mutual authentication, but your personal client certificate has expired, the error message thrown is wrong.  On XP, the correct error is displayed (certificate expired).  On Vista, the error name is "ssl_error_handshake_failure_alert", which doesn't tell the user what actually happened.

Reproducible: Always

Steps to Reproduce:
1. Have an expired personal certificate
2. Connect to an SSL mutual auth webserver, from a Vista client (not XP)
3. Wrong error message.
Actual Results:  
Error code: ssl_error_handshake_failure_alert

Expected Results:  
Error code: ssl_error_expired_cert_alert. 
The instructions at the bottom of the alert should also be more helpful, such as telling the user that their cert has expired and needs to be replaced, instead of the current message (contact the web site owners).

I have screen shots of both systems, XP (correct message) and Vista (wrong message) if that would help.
There should not be a difference between vista and XP.
Do you get the same wrong error message on vista if you try it with a new profile ?
http://support.mozilla.com/en-US/kb/Managing+Profiles

Comment 2

5 years ago
Perhaps the server recongises that the installed cert is out of date and terminates the connection in an unusual way, or attempts to downgrade to HTTP, hence the ssl_error_handshake_failure_alert?
Is this still an issue on Latest Versions of Nightly, Aurora or Beta?
Flags: needinfo?(paulp346)
marking incomplete due to the lack of information from the reporter.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.