Open
Bug 512437
Opened 15 years ago
Updated 2 years ago
provide better error message when client cert authentication fails
Categories
(Core :: Security: PSM, enhancement, P3)
Tracking
()
UNCONFIRMED
People
(Reporter: hauser, Unassigned)
References
Details
(Whiteboard: [psm-auth][psm-backlog])
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729) When authenticating to a https site where the browser has no certificate-issuin-CAs in common with the server's tomcat5.5, the browser shows <<Secure Connection Failed An error occurred during a connection to 192.168.1.185:8443. SSL peer cannot verify your certificate. (Error code: ssl_error_bad_cert_alert) The page you are trying to view can not be shown because the authenticity of the received data could not be verified.>> To be useful, the message should list 1) the permitted CA list the server sent 2) the issuing CAs of the client-certs installed in the browser per leaf-cert DN Reproducible: Always Steps to Reproduce: do not have a certificate in your browser, login on a site that requires certificates
Updated•15 years ago
|
Assignee: nobody → kaie
Component: Security → Security: UI
Product: Firefox → Core
QA Contact: firefox → ui
Version: unspecified → Trunk
Comment 1•15 years ago
|
||
Usually that happens also when there is NO client certificate matching or even installed into the browser. "SSL peer cannot verify your certificate" is highly misleading. Initially I thought this is a dup, but couldn't find one.
The Tunderbird/Seamonkey error messages often are not very helpful or do not occur. For example in comparison with the Mail-Client Becky: Example 1: Error: GMX-POP-Server could not be used because registration was not fully finisched Becky said: -ERR may not use our POP TB/SM said: Nothing. They just acted if there was no new mail in the inbox. Example 2: Error: Wrong settings with SSL or Authentification on an Yahoo POP or SMTP-Server Becky said: "A communication problem occured on sending mail. The server or the network may be having a trouble." TB/SM: They tried for half a minute and then noticed some server timeout. I also noticed with other settings (especially wrong ports or SSL settings) that Becky showed up the correct error quite soon wile TB/SM tried around and then just mentiond a timeout or sudden loss of connection. This affected the Thunderbird 2.0.0.23 as well as Seamonkey 2.0.
Comment 3•14 years ago
|
||
Mass change owner of unconfirmed "Core:Security UI/PSM/SMime" bugs to nobody. Search for kaie-20100607-unconfirmed-nobody
Assignee: kaie → nobody
Updated•14 years ago
|
Whiteboard: [psm-clientauth]
Updated•14 years ago
|
Whiteboard: [psm-clientauth] → [psm-auth]
Component: Security: UI → Security: PSM
Priority: -- → P3
Whiteboard: [psm-auth] → [psm-auth][psm-backlog]
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•