Bug ID 1071298
Summary openSUSE Firefox-57 can't use x509 client authentication
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.3
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Firefox
Assignee bnc-team-mozilla@forge.provo.novell.com
Reporter duge@pre-sense.de
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

I hope this is the right place for this.


If I use Firefox-57 from the download.opensuse.org Mozilla repo on openSUSE
42.3, I can't use x509 client authentication anymore.

https://download.opensuse.org/repositories/mozilla/openSUSE_Leap_42.3/

Instead of a dialog asking me to choose a certificate, I'm getting this
message:
| Secure Connection Failed
|
| An error occurred during a connection to intern.pre-sense.de. SSL peer
| was unable to negotiate an acceptable set of security parameters.
| Error code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT
|
|     The page you are trying to view cannot be shown because the
| authenticity of the received data could not be verified.
|     Please contact the website owners to inform them of this problem.
ATTENTION: This is the same message, as if you don't have any x509 client
certificate installed in Firefox. So make sure to import your certificate into
Firefox before testing.


For testing create an account at https://www.cacert.org, get a certificate and
enable it for authentication with CaCert. Then try to login via client
certificate.

It's not working with:
- Firefox-57 from
https://download.opensuse.org/repositories/mozilla/openSUSE_Leap_42.3/

It's working with:
- The official Firefox-52.5.0 from openSUSE-42.3
- Firefox-57 downloaded directly from Mozilla:
https://ftp.mozilla.org/pub/firefox/releases/57.0.1/linux-x86_64/
- The official Firefox-57.0.1 on
openSUSE-Tumbleweed-KDE-Live-x86_64-Snapshot20171204-Media.iso


I installed the following packages from the download.opensuse.org Mozilla repo
(also tested with Firefox-57.0.1 before a few minutes):
MozillaFirefox-57.0-4.2.x86_64
MozillaFirefox-branding-openSUSE-45-3.1.x86_64
MozillaFirefox-translations-common-57.0-4.2.x86_64
libnsssharedhelper0-1.0.10-1.1.x86_64
libsoftokn3-3.33-2.1.x86_64
libfreebl3-3.33-2.1.x86_64
mozilla-nspr-4.17-1.1.x86_64
mozilla-nspr-devel-4.17-1.1.x86_64
mozilla-nss-3.33-2.1.x86_64
mozilla-nss-devel-3.33-2.1.x86_64
mozilla-nss-certs-3.33-2.1.x86_64


I maybe got one little clue what's wrong:

In Firefox-57 from mozilla.org and Tumbleweed-20171204
  Settings -> Advanced -> Certificates -> Security Devices -> Software Security
Device -> Status
says: Ready

In Firefox-57 from that download.opensuse.org Mozilla repo Status says: Not
Logged In
If I click "Log In" Firefox asks for the master password and aftrwards the
status is "Logged In". But I don't get status "Ready".

Additionally in Firefox-52.5.0 from the normal openSUSE-42.3 repos, the value
for "FW Version" is "6.0". But for Firefox-57 from mozilla.org,
download.opensuse.org->mozilla and Tumbleweed-20171204 "FW Version" is "0.0".
Nevertheless, Firefox-57 from mozilla.org and Tumbleweed are working fine for
x509 client authentication.

You are receiving this mail because: