Thunderbird ask for all PINs of a FINeID smartcard although only PIN1 is needed

UNCONFIRMED
Unassigned

Status

Thunderbird
Security
UNCONFIRMED
4 years ago
2 years ago

People

(Reporter: Stefan Gofferje, Unassigned, NeedInfo)

Tracking

24 Branch
x86_64
Linux

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 years ago
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0 (Beta/Release)
Build ID: 2013091200

Steps to reproduce:

Use a Finnish FINeID PKCS#15 smart card via OpenSC.
Added the card as per instructions.
Selected the appropriate certificate for email-signing.


Actual results:

The Finnish FINeID card has 2 certificates of which the first is for email-signing and web-identification and the second for official signatures. Both certificate have different PINs.

On card insert or access, Thunderbird asks the PINs for both certificates, although only the first certificate is selected in identity/security options.

Signing itself works correctly.

NOTICE: Firefox has the same issue - also always asks for both PINs, no matter if only one certificate is selected! Please create a crosslink bug!


Expected results:

TB should only access certificates which are actually used/needed from a card with multiple certificates.

Comment 1

2 years ago
Stefan, can you still reproduce this when using a current version?
Flags: needinfo?(mozilla)
(Reporter)

Comment 2

2 years ago
Actually, I mostly stopped using Thunderbird because of a number of issues with signatures and others. See - among others Bug 947593.
After TB recently also started asking the smartcard PIN on startup to authenticate to IRC servers (also not requested), I dropped TB on almost all my systems.
Flags: needinfo?(mozilla)

Comment 3

2 years ago
(In reply to Stefan Gofferje from comment #2)
> ...
> After TB recently also started asking the smartcard PIN on startup to
> authenticate to IRC servers (also not requested), I dropped TB on almost all
> my systems.

Thanks Stefan.

Can you give a time frame or version number to when the behavior regressed?
Flags: needinfo?(mozilla)
You need to log in before you can comment on or make changes to this bug.