Closed Bug 950538 Opened 11 years ago Closed 7 years ago

Server certificate tab only shows some distrusted certs

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Platform:
x86_64
Windows 8
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 733716

People

(Reporter: dveditz, Unassigned)

References

Details

(Whiteboard: [psm-backlog])

In the Certificate Manager dialog (in Firefox, Options->Advanced->Certificates->View Certificates) the "Servers" tab shows any cert overrides the user has made, and also shows /some/ of the explicitly distrusted certificates but not others. Shown: Diginotar roots, addons.mozilla.org leaf cert from the comodogate hack. Not shown: Turktrust MITM intermediate, DG Tresor intermediate In particular none of the distrusted certs from recent hacking incidents show up. Some users find this concerning: https://blog.mozilla.org/security/2013/12/09/revoking-trust-in-one-anssi-certificate/comment-page-1/#comment-111260 All of the certs appear in the certdata file. I'm not sure what the UI uses to determine which ones to show. Was surprised to see both roots and leaf certs but not the distrusted intermediates. DigiNotar Cyber CA (shown) https://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt#24072 bogus addons.mozilla.org (shown) https://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt#20138 DG Tresor (not shown) https://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt#13492 Just a guess, but it looks like the ones that are shown have both a Certificate and a Trust section, but the ones not shown only have a Trust section. Do we not have enough information to create the certificate part?
(In reply to Daniel Veditz [:dveditz] from comment #0) > Just a guess, but it looks like the ones that are shown have both a > Certificate and a Trust section, but the ones not shown only have a Trust > section. Do we not have enough information to create the certificate part? We will remove the Certificate parts in bug 829677.
Depends on: 829677
This bug is the opposite of bug 829677. That would seem to make it WONTFIX, not "Depends on". Or was your intent to turn this into "Create new UI (tab?) to show built-in distrust"?
Component: Security: UI → Security: PSM
See Also: → 733716
Whiteboard: [psm-backlog]
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
No longer depends on: 829677
No longer depends on: 1409872
Duplicate of bug: 733716
No longer duplicate of bug: 829677
See Also: 733716
You need to log in before you can comment on or make changes to this bug.