Closed Bug 1250818 Opened 9 years ago Closed 9 years ago

View Certificate: Issued By 'Organization (O)' shown incorrect

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
44 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla47
Tracking Flags:
Tracking Status
firefox47 --- fixed

People

(Reporter: kjawahark, Assigned: keeler)

References

Details

Attachments

(2 files)

Certificate Viewer
(deleted), image/png
Details
MozReview Request: bug 1250818 - remove certificate issuer organization to common name fallback r?Cykesiopka
(deleted), text/x-review-board-request
Cykesiopka
: review+
Details
Attached image Certificate Viewer (deleted) —
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:44.0) Gecko/20100101 Firefox/44.0 Build ID: 20160210153822 Steps to reproduce: View a certificate from a web server configured using a self-signed certificate which has only CN value, other DNs are left blank. Simple way to reproduce: Create a Self-Singed certificate which has only CN, others left blank Import the Certificate Preferences -> Advanced -> Certificates - View Certificates -> Authorities -> Import Import the certificate Then double click on the imported cert to view Check the 'Issued By' Common Name and Organization Actual results: The certificate has no value for 'Organization(O)' in Issuer, but it shows the 'Common Name' value in 'Organization'. Expected results: When the Self-Signed Certificate has no value on Issuer Organization, no value should be shown in the certificate view
Component: Untriaged → Security: UI
Product: Firefox → Core
Component: Security: UI → Security: PSM
Looks like this is a result of a change made in bug 316710 (see bug 316710 comment 5: "for display purposes, when a cert has no isser org, fall back to common name"). For what it's worth, this seems to be the wrong level at which to implement such a fallback (i.e. the front-end should do whatever processing is necessary - the interface level needs to provide an accurate answer when queried for various certificate properties).
Status: UNCONFIRMED → NEW
Ever confirmed: true
Before this change, if a certificate's issuer DN did not have an organization component, nsIX509Cert.issuerOrganization would fall back to using the issuer common name. This was never a good idea, because this gave misleading information to consumers of this interface. Furthermore, it appears that all consumers of this interface already do such a fallback (for display purposes) when they've determined that it's a reasonable thing to do. Review commit: https://reviewboard.mozilla.org/r/36933/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/36933/
Attachment #8724223 - Flags: review?(cykesiopka.bmo)
Assignee: nobody → dkeeler
Comment on attachment 8724223 [details] MozReview Request: bug 1250818 - remove certificate issuer organization to common name fallback r?Cykesiopka https://reviewboard.mozilla.org/r/36933/#review33583 Looks good.
Attachment #8724223 - Flags: review?(cykesiopka.bmo) → review+
https://hg.mozilla.org/mozilla-central/rev/7cfb28e22ec2
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox47: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla47
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: