Closed Bug 1597244 Opened 4 years ago Closed 4 years ago

An error is received when loading a website with a smart card installed certificate

Categories

(Core :: Security: PSM, defect)

Desktop
All
defect
Not set
normal

Tracking

()

RESOLVED INVALID
Tracking Status
firefox71 --- affected
firefox72 --- affected

People

(Reporter: cbaica, Unassigned)

Details

(Keywords: regressionwindow-wanted, Whiteboard: [enterprise])

Preconditions

  • Hardware USB smart card with pre-installed client cert
  • Machine with OpenSC installed

OpenSC install kit from here.
Tutorial to install OpenSC here.

Affected versions

  • Fx71.0b10
  • Fx72.0a1

Affected platforms

  • Windows 10
  • macOS 10.13
  • Ubuntu 18.04
  • Windows 7

Steps to reproduce

  1. Launch Firefox.
  2. Navigate to about:preferences > Privacy & Security > Security Devices > Load and browse to "opensc-pkcs11.so".
  3. Navigate to https://badssl.com
  4. Scroll down to the 'Client Certificate' section and click on 'Client'.
  5. Input the password.

Expected result

  • A green page is loaded (successful website load).

Actual result

  • A '400 BAD REQUEST' error is received.

Regression range

  • Will come back with a regression range ASAP.

Additional notes

  • Should we be using OpenSC PKCS#12 or the wiki suggested one PKCS#11?
Has Regression Range: --- → no
Has STR: --- → yes
Whiteboard: [enterprise]

The priority flag is not set for this bug.
:wleung, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(wleung)

Feels more like PSM to me

Component: Security → Security: PSM
Flags: needinfo?(wleung)
Product: Firefox → Core

Have you determined the regression range?

Flags: needinfo?(cristian.baica)

I've tried a regression range and went back as far as Fx59.0a1 with the issue still being reproducible, but this shouldn't have happened because I remember running the exact same tests in Fx60 'bracket' (between Fx60 and Fx69) and everything was fine.

My best guess here is, that something was changed in the website rather than in Firefox, because the yubikey is correctly installed and the password is correctly required when trying to access the 'Client' sub-section.

Flags: needinfo?(cristian.baica)

Sounds like this isn't an issue in Firefox, then.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.