Opened 12 years ago

#723 closed defect (User disappeared)

Extension blocks PCKS#12 certificate imports

Reported by: Synapse Owned by:
Priority: Low Milestone:
Component: Applications/Torbutton Version: 1.1
Severity: Keywords:
Cc: Synapse Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


When trying to import a password protected PCKS#12 certificate with TorButton enabled you get a message stating "Failed to restore the PKCS #12 file for unknown reasons."
The error console reports:

Error: [Exception... "'Out' argument must be an object arg 1 [nsICertificateDialogs.getPKCS12FilePassword]" nsresult: "0x80570002 (NS_ERROR_XPC_NEED_OUT_OBJECT)" location: "JS frame :: file:///Users/markbristow/Library/Application%20Support/Firefox/Profiles/392i7tem.default/extensions/%7Be0204bd5-9d31-402b-a99d-a6aa8ffebdca%7D/components/certDialogsOverride.js :: anonymous :: line 87" data: no]
Source File: file:///Users/<snip>/Library/Application%20Support/Firefox/Profiles/<snip>.default/extensions/%7Be0204bd5-9d31-402b-a99d-a6aa8ffebdca%7D/components/certDialogsOverride.js
Line: 87

Workaround is disable torbutton, install cert, re-enable extension.

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Attachments (1)

torbutton-1.2.0rc6-dev.xpi (192.2 KB) - added by mikeperry 12 years ago.
Torbutton dev snapshot with potential fix

Download all attachments as: .zip

Change History (8)

comment:1 Changed 12 years ago by mikeperry

What is the easiest way to create a password-protected PCKS#12 cert that will trigger this bug? Can I make
them with openssl? or can firefox create them if I just export a server cert and save it with a password? Or
does it have to be a client cert?

comment:2 Changed 12 years ago by Synapse

You can use TinyCA to export one or just export a server cert into PCSK12 with a password. I don't know if FF or OpenSSL will work.

comment:3 Changed 12 years ago by mikeperry

I just used TinyCA2 to create a CA cert and successfully imported it with Tor enabled.

Can you either add an attachment with a certificate that triggers this error, or email me one? My email is mikeperry on fscked \ org.

comment:4 Changed 12 years ago by facero

I think that it will be interesting to see these Mozilla / Firefox bugs:


Last version of Torbutton is preventing to import or export a certificate from or to a file .p12. No problems if you create a certificate from the web, but in this case, you cannot export it for a backup.

I agree with workaround proposed, you can disable Torbutton, install, or make a copy of your cert and re-enable plug-in.

This problem only affects to certificates with private key, not t public keys certificates of a CA. I almost finished crazy looking for this problem, Firefox doesn't support very good error messages and usually say "for unknown causes".

Please, let me know if you need more information about this.

Best regards.

comment:5 Changed 12 years ago by mikeperry

I just tried the certificate in comment #2 of mozilla Bug 440033, and I still can't import it even after I completely
uninstall torbutton on FF3, and even create a fresh FF3 profile. This makes me think that particular cert has other
problems unrelated to Torbutton.

Can you attach a dummy cert that triggers this exact problem? (Can't install with Tor enabled, but can with Tor
disabled?) I still lack a reproduction case...

comment:6 Changed 12 years ago by mikeperry

Alright, well I'll take a shot in the dark and remove this component I hooked for certification isolation
(which is disabled due to an unrelated Firefox bug). Could someone please try the attached snapshot
and let me know if it fixes the issue?

Changed 12 years ago by mikeperry

Attachment: torbutton-1.2.0rc6-dev.xpi added

Torbutton dev snapshot with potential fix

comment:7 Changed 12 years ago by mikeperry

flyspray2trac: bug closed.
Assuming this is fixed, as we no longer touch the relevant component.

Note: See TracTickets for help on using tickets.