Certificate validation does not use Login or System keyrings

UNCONFIRMED
Unassigned

Status

()

UNCONFIRMED
8 years ago
4 months ago

People

(Reporter: kplaakso, Unassigned)

Tracking

4.0 Branch
x86
Mac OS X
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; en-us) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27
Build Identifier: 20110318052756

FF4 uses only the unmodifiable System Roots keyring on OSX. However, it should also use the keyrings System (all users for this Mac) and Login (this user). Now the user cannot add a new root cert which FF4 would use to certify remote servers with SSL.


Reproducible: Always

Steps to Reproduce:
1. Find a server which has a certificate which was signed using a self-signed CA certificate
2. Add the CA sertificate to Login or System keyring
3. Go to the site using https

Actual Results:  
FF4 gives the "unsecure web site, add exception" page. 

Expected Results:  
Server connection is accepted based on the CA certificate in the Login or System keyring.

This bug is especially painful when using FF4 with Selenium webdriver, since a new, blank profile is used by default, and the CA cert cannot be added to FF4 certificate store before launching.
(Reporter)

Comment 1

8 years ago
N.B.: This worked in FF3.

Updated

8 years ago
Version: unspecified → 4.0 Branch
You need to log in before you can comment on or make changes to this bug.