Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#13353 closed defect (worksforme)

TBB 3.6.6 won't import certificate

Reported by: ZcbCkyj5
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity:
Keywords:
Cc: lucha
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

In Certificate Manager on the Servers tab I am trying to import a certificate. The GUI allows me to choose a file and the dialog closes but the certificate is not imported and no error dialog is shown.

I have tested the same certificate in vanilla Firefox ESR 24.8.1 and TBB 3.6.2 (the only old version I have) and both work fine.

Change History (13)

comment:1 Changed 3 years ago by ZcbCkyj5

This is on Windows 7 SP1 64-bit.

comment:2 Changed 3 years ago by ZcbCkyj5

Tested TBB 3.6.3, it works fine. The change must be somewhere between 3.6.4 and 3.6.6.

comment:3 Changed 3 years ago by mcs

This is probably related to the change that was made for #12998.

comment:4 Changed 3 years ago by mcs

And possibly fixed in #13366.

comment:5 Changed 3 years ago by gk

Is that still an issue with Tor Browser 4.0? I think #13366 should have fixed this.

comment:6 Changed 3 years ago by gk

Cc: lucha added

Resolved #13539 as duplicate. Did you by chance forget to leave Private Browsing Mode before trying to import the certificate?


comment:7 in reply to:  6 ; Changed 3 years ago by lucha

Replying to gk:

> Resolved #13539 as duplicate. Did you by chance forget to leave Private Browsing Mode before trying to import the certificate?

By "leave Private Browsing Mode" do you mean deselecting the option "Don't record browsing history or website data (enables Private Browsing Mode)" from the tor button Preferences panel? Because I can't find anything else I should disable.

If that is what you are referring to, then no, it does not allow importing new certificates even with that option disabled.

(By the way, I find it a bit counter-intuitive that a "browsing mode" would affect how I interact with the preference panel, but I understand that maybe Firefox has a strange structure to store this data that makes distinguishing the two things hard.)


comment:8 in reply to:  5 Changed 3 years ago by ln5

Replying to gk:

> Is that still an issue with Tor Browser 4.0? I think #13366 should have fixed this.

I can confirm that importing certificates does not work in nightly builds from 2015-01-08. Platform 32-bit Linux (Debian), default installation without config changes or add-ons/extensions. Tested both "Authorities" and "Your Certificates".

On a side note, the following is printed on stdout. Creating the missing directories does not change the result of trying to add a certificate.

(firefox:21823): Gtk-WARNING **: Attempting to store changes into `/home/linus/tor-browser_en-US.20150108/Browser/.local/share/recently-used.xbel', but failed: Failed to create file '/home/linus/tor-browser_en-US.20150108/Browser/.local/share/recently-used.xbel.ZP04RX': No such file or directory

(firefox:21823): Gtk-WARNING **: Attempting to set the permissions of `/home/linus/tor-browser_en-US.20150108/Browser/.local/share/recently-used.xbel', but failed: No such file or directory

Please let me know if I can help track this down further. Being unable to import certificates is quite a problem.

comment:9 in reply to:  7 ; Changed 3 years ago by gk

Replying to lucha:

> Replying to gk:
>
> > Resolved #13539 as duplicate. Did you by chance forget to leave Private Browsing Mode before trying to import the certificate?
>
> By "leave Private Browsing Mode" do you mean deselecting the option "Don't record browsing history or website data (enables Private Browsing Mode)" from the tor button Preferences panel? Because I can't find anything else I should disable.
>
> If that is what you are referring to, then no, it does not allow importing new certificates even with that option disabled.

You have to restart your Tor Browser for this to take effect. So, this works for me:
1) Click on the Torbutton onion -> Preferences... -> Privacy and Security Settings [Assuming you are using an alpha/nightly build]
2) Uncheck "Don't record browsing history or website data (enables Private Browsing Mode)"
3) Click on OK
4) Restart Tor Browser
5) Import a certificate (I tested that with a root CA)

lucha, ln5: Does that work for you?

If so, that is currently expected and #12998 + #13366 made this happen. If you think this behavior is wrong and you want to argue for treating the import of certificates differently (i.e. allowing to import certificates (and thus leaving traces on disc) while being in Private Browsing Mode) then this should be a new bug ticket.


comment:10 in reply to:  9 Changed 3 years ago by ln5

Replying to gk:

> Replying to lucha:
>
> > Replying to gk:
> >
> > > Resolved #13539 as duplicate. Did you by chance forget to leave Private Browsing Mode before trying to import the certificate?
> >
> > By "leave Private Browsing Mode" do you mean deselecting the option "Don't record browsing history or website data (enables Private Browsing Mode)" from the tor button Preferences panel? Because I can't find anything else I should disable.
> >
> > If that is what you are referring to, then no, it does not allow importing new certificates even with that option disabled.
>
> You have to restart your Tor Browser for this to take effect. So, this works for me:
> 1) Click on the Torbutton onion -> Preferences... -> Privacy and Security Settings [Assuming you are using an alpha/nightly build]
> 2) Uncheck "Don't record browsing history or website data (enables Private Browsing Mode)"
> 3) Click on OK
> 4) Restart Tor Browser
> 5) Import a certificate (I tested that with a root CA)
>
> lucha, ln5: Does that work for you?

It does. I didn't understand this. Thank you for your thorough clarification.

For readers who like me are undereducated on the subject of "private browsing mode" I'll mention that testing indicates that the mode of the browser (private vs. non-private) selects between two sets of certificates. This means that in order to keep using certs imported in non-private mode one has to keep running the browser in non-private mode.

> If so, that is the currently expected and #12998 + #13366 made this happen. If you think this behavior is wrong and you want to argue for treating the import of certificates differently (i.e. allowing to import certificates (and thus leaving traces on disc) while being in Private Browsing Mode) then this should be a new bug ticket.

Agreed.

comment:11 Changed 3 years ago by gk

Resolution: worksforme
Status: new → closed

Okay, closing this one as worksforme then.

comment:12 Changed 3 years ago by gk

Closed #14042 as duplicate of this.

comment:13 Changed 3 years ago by gk

Marked #15976 as duplicate.
