Bug 6211 - (int-147083) Installed root certificates not used until browser restarted.
Status: NEW
Product: Browser
Component: MicroB engine
Version: 5.0/(1.2009.42-11)
Platform: N900 Maemo
Importance: Low minor
Target Milestone: ---
Assigned To: Oleg Romashin
QA Contact: microb-bugs
Keywords: security

Reported: 2009-11-16 19:13 UTC by Lucas Maneos
Modified: 2009-11-18 14:28 UTC

Description Lucas Maneos (reporter) 2009-11-16 19:13:03 UTC
SOFTWARE VERSION:
1.2009.42-11

STEPS TO REPRODUCE THE PROBLEM:
1. Start browser.
2. Visit <http://www.cacert.org/index.php?id=3>
3. Tap the "Root Certificate (DER Format)" link under "Class 1 PKI key" (the
PEM links produce unpredictable results which may be another bug).
4. Tap "Open with Certificate manager".
5. Verify the certificate details (exercise left to the paranoid reader) and if
correct tap "Install".
6. Select at least "Server" purpose.
7. Visit a page hosted on an https server with a certificate signed by the
above root certificate, such as <https://www.cacert.org/>.

EXPECTED OUTCOME:
The installed certificate is available and used immediately to verify sites'
identities.

ACTUAL OUTCOME:
(Note: the following is from scratchbox as I no longer have the original output
on the device and can't reproduce for obvious reasons):

Secure Connection Failed

www.cacert.org uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.

(Error code: sec_error_unknown_issuer)

REPRODUCIBILITY:
Always, until browser is closed and re-opened.

EXTRA SOFTWARE INSTALLED:
Just openssh-server at the moment, this is fresh after a complete reflash.

OTHER COMMENTS:
Not a big deal, but it can give the impression that the certificate was not
installed, or that there is a monkey-in-the-middle attack taking place.  If
it's too hard to make newly-installed certificates used in the current browser
session, perhaps a warning could be shown informing the user that the browser
needs to be restarted after certificate installation.
Comment 1 timeless 2009-11-16 21:27:06 UTC
Heh.