Closed Bug 823342 Opened 12 years ago Closed 12 years ago

Cannot import self-signed certificate from server

Categories

(Core Graveyard :: Security: UI, defect)

Product:
Core Graveyard
Component:
Security: UI
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(firefox20+ fixed)

Status:
RESOLVED FIXED
Milestone:
mozilla20
Tracking Flags:
Tracking Status
firefox20 + fixed

People

(Reporter: iannbugzilla, Assigned: jdm)

References

Details

(Keywords: regression)

Attachments

(1 file)

Update reference to renamed getRecentBadCertsService method.
(deleted), patch
briansmith
: review+
Details | Diff | Splinter Review
Somewhere between 17 and 20 this has broken. STR 1. On a mail server generate a self-signed certificate (RSA 2048) and use it for SSL. 2. On client computer point at the mail server with SSL. 3. Prompted to import certificate. Actual results 1/ Certificate is not retrieved. 2/ "Confirm Security Exception" button is disabled. Expected results 1/ Certificate is retrieved. 2/ Can add a security exception. Using openssl s_client from the client computer shows the certificate can be successfully retrieved.
2012-11-19-00-30-11 works 2012-12-19-00-30-27 fails
2012-12-03-00-30-11 works 2012-12-11-00-30-44 works 2012-12-13-00-30-11 fails 2012-12-15-00-30-13 fails Unfortunately there are no linux builds from 2012-12-12 to test. http://hg.mozilla.org/mozilla-central/pushloghtml?startdate=2012-12-11+00%3A30%3A44&enddate=2012-12-13+00%3A30%3A11 Maybe something to do with bug 769288 ? Message in error console: Timestamp: 20/12/12 02:14:27 Error: Attempted to connect to a site with a bad certificate in the add exception dialog. This results in a (mostly harmless) exception being thrown. Logged for information purposes only: [Exception... "Establishing a connection to an unsafe or otherwise banned port was prohibited" nsresult: "0x804b0013 (NS_ERROR_PORT_ACCESS_NOT_ALLOWED)" location: "JS frame :: chrome://pippki/content/exceptionDialog.js :: checkCert :: line 140" data: no] Source File: chrome://pippki/content/exceptionDialog.js Line: 148
(In reply to Ian Neal from comment #2) > 2012-12-03-00-30-11 works > 2012-12-11-00-30-44 works > 2012-12-13-00-30-11 works > 2012-12-15-00-30-13 fails Sorry, typo.
Depends on: 769288
Ack, here's the problem: http://mxr.mozilla.org/mozilla-central/source/security/manager/pki/resources/content/exceptionDialog.js#95 getRecentBadCertsService was renamed getRecentBadCerts in one of the revisions. This file should be updated.
tracking-firefox20: --- → ?
Component: Security → Security: UI
Keywords: regressionwindow-wanted
Product: MailNews Core → Core
Assignee: nobody → josh
Blocks: 769288
No longer depends on: 769288
I just ran into this under Thunderbird. I bisected Thunderbird nightly builds and found that the problem was introduced between the 2012-12-13 and 2012-12-14 builds. From the comments above, it looks like you already know what's wrong, but I thought I'd mention this just in case it's useful.
Attachment #694420 - Flags: review?(bsmith)
Comment on attachment 694420 [details] [diff] [review] Update reference to renamed getRecentBadCertsService method. Review of attachment 694420 [details] [diff] [review]: ----------------------------------------------------------------- ty.
Attachment #694420 - Flags: review?(bsmith) → review+
https://hg.mozilla.org/mozilla-central/rev/0e08a2cc3b07
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: