[Bug 957823] New: firefox does not use company certificates
http://bugzilla.suse.com/show_bug.cgi?id=957823 Bug ID: 957823 Summary: firefox does not use company certificates Classification: openSUSE Product: openSUSE Tumbleweed Version: 2015* Hardware: x86-64 OS: Linux Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: ohering@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- fresh current TW, xfce Installing the various ca-certificates-* from internal SUSE:CA repo, then running "firefox build.suse.de/imap.suse.de" will complain about untrusted connection. I see the SUSE_Trust_Root.pem in /etc/ssl/certs/. Is that supposed to be enough for firefox to use these company certificates? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=957823 Olaf Hering <ohering@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bnc-team-mozilla@forge.prov | |o.novell.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=957823 Olaf Hering <ohering@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |wolfgang@rosenauer.org -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=957823 http://bugzilla.suse.com/show_bug.cgi?id=957823#c1 Andreas Stieger <astieger@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS CC| |astieger@suse.com --- Comment #1 from Andreas Stieger <astieger@suse.com> --- Mozilla Firefox does not use this store. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=957823 Andreas Stieger <astieger@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=957823 Andreas Stieger <astieger@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|FIXED |INVALID -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=957823 http://bugzilla.suse.com/show_bug.cgi?id=957823#c3 --- Comment #3 from Wolfgang Rosenauer <wolfgang@rosenauer.org> --- Seems that the package p11-kit-nss-trust can be used to achieve this nevertheless. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=957823 http://bugzilla.suse.com/show_bug.cgi?id=957823#c4 --- Comment #4 from Olaf Hering <ohering@suse.com> --- (In reply to Wolfgang Rosenauer from comment #3)
Seems that the package p11-kit-nss-trust can be used to achieve this nevertheless.
Yes, thats true. Is there any pitfall with it, p11-kit-nss-trust instead of mozilla-nss-certs? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=957823 http://bugzilla.suse.com/show_bug.cgi?id=957823#c5 --- Comment #5 from Olaf Hering <ohering@suse.com> --- (In reply to Olaf Hering from comment #4)
(In reply to Wolfgang Rosenauer from comment #3)
Seems that the package p11-kit-nss-trust can be used to achieve this nevertheless.
Yes, thats true. Is there any pitfall with it, p11-kit-nss-trust instead of mozilla-nss-certs?
http://lmgtfy.com/?q=%22Certificate+issuer+is+not+built-in.%22 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=957823 http://bugzilla.suse.com/show_bug.cgi?id=957823#c6 Olaf Hering <ohering@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID |--- --- Comment #6 from Olaf Hering <ohering@suse.com> --- This has to work out of the box. Patches exist to remove wrong assumptions from Mozilla. Reopen to get this done at some point. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=957823 Andreas Stieger <astieger@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |NEW Assignee|security-team@suse.de |bnc-team-mozilla@forge.prov | |o.novell.com Summary|firefox does not use |Add option to use system |company certificates |certificate store to | |Mozilla Firefox Severity|Normal |Enhancement -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=957823 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=957823 Frederic Crozat <fcrozat@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bnc-team-mozilla@forge.prov |mozilla-bugs@suse.de |o.novell.com | -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=957823 Frederic Crozat <fcrozat@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC|bnc-team-mozilla@forge.prov | |o.novell.com | -- You are receiving this mail because: You are on the CC list for the bug.
participants (2)
-
bugzilla_noreply@novell.com -
bugzilla_noreply@suse.com