Open Bug 647976 Opened 12 years ago Updated 6 months ago
Certificate validation does not use Login or System keyrings
(Firefox :: Security, defect)
(Reporter: kplaakso, Unassigned)
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; en-us) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 Build Identifier: 20110318052756 FF4 uses only the unmodifiable System Roots keyring on OSX. However, it should also use the keyrings System (all users for this Mac) and Login (this user). Now the user cannot add a new root cert which FF4 would use to certify remote servers with SSL. Reproducible: Always Steps to Reproduce: 1. Find a server which has a certificate which was signed using a self-signed CA certificate 2. Add the CA sertificate to Login or System keyring 3. Go to the site using https Actual Results: FF4 gives the "unsecure web site, add exception" page. Expected Results: Server connection is accepted based on the CA certificate in the Login or System keyring. This bug is especially painful when using FF4 with Selenium webdriver, since a new, blank profile is used by default, and the CA cert cannot be added to FF4 certificate store before launching.
12 years ago
N.B.: This worked in FF3.
12 years ago
Version: unspecified → 4.0 Branch
6 months ago
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.