Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC

Bug 382237

Summary: Inoperable remember ssl client certificate choice function in Gecko-based browsers
Product: Gentoo Linux Reporter: Sergey S. Starikoff <Ikonta>
Component: Current packagesAssignee: Mozilla Gentoo Team <mozilla>
Status: RESOLVED OBSOLETE    
Severity: minor    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugzilla.mozilla.org/show_bug.cgi?id=523336
https://bugzilla.mozilla.org/show_bug.cgi?id=634697
Whiteboard:
Package list:
Runtime testing required: ---

Description Sergey S. Starikoff 2011-09-08 07:30:33 UTC
I work with some web (https) resources using client certificate authorization.
For test purposes I need several client certificates.
Just this week (after I've installed the third one, my main working certificate is the second one) I've discovered, that GNU IceCat function "remember selected certificate" (if necessary, I can see how it looks in English exactly) is inoperable.

Reproducible: Always

Steps to Reproduce:
1. Set up test https vhost (requires client certificate);
2. Generate client certificate;
3. Import it into GNU IceCat browser;
4. Check operability;
5. Generate the second client certificate;
6. Import it into browser too;
7. Set up in browser "Ask certificate" every time and "Remember choice";
8. Reset current history and try to access test vhost selecting 1-st certificate;
9. Again reset current history in browser and try to access the test host.
Actual Results:  
Rememebered choice is ignored, last imported certificate is suggested by default.

Expected Results:  
Remembered choice works correctly, last selected certificate is suggested by default.

$ emerge --info
Portage 2.1.10.11 (default/linux/x86/10.0, gcc-4.4.5, glibc-2.12.2-r0, 2.6.39-gentoo-r3 i686)
=================================================================
System uname: Linux-2.6.39-gentoo-r3-i686-Intel-R-_Pentium-R-_4_CPU_3.00GHz-with-gentoo-2.0.3
Timestamp of tree: Tue, 06 Sep 2011 00:45:01 +0000
app-shells/bash:          4.1_p9
dev-java/java-config:     2.1.11-r3
dev-lang/python:          2.7.1-r1, 3.1.3-r1
dev-util/cmake:           2.8.4-r1
dev-util/pkgconfig:       0.26
sys-apps/baselayout:      2.0.3
sys-apps/openrc:          0.8.3-r1
sys-apps/sandbox:         2.4
sys-devel/autoconf:       2.13, 2.68
sys-devel/automake:       1.10.3, 1.11.1
sys-devel/binutils:       2.20.1-r1
sys-devel/gcc:            4.4.5
sys-devel/gcc-config:     1.4.1-r1
sys-devel/libtool:        2.4-r1
sys-devel/make:           3.82-r1
sys-kernel/linux-headers: 2.6.36.1 (virtual/os-headers)
sys-libs/glibc:           2.12.2
Repositories:

gentoo
    location: /usr/portage
    sync: rsync://mirror.yandex.ru/gentoo-portage/
    priority: -1000

rion
    location: /var/lib/layman/rion
    masters: gentoo
    priority: 0

local-portage-tree
    location: /usr/local/portage
    masters: gentoo
    priority: 1

ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
ACCEPT_PROPERTIES="*"
ALSA_CARDS="intel8x0"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol"
APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias"
ARCH="x86"
AUTOCLEAN="yes"
CALLIGRA_FEATURES="kexi words flow plan stage tables krita karbon braindump"
CAMERAS="ptp2"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=native -pipe"
CHOST="i686-pc-linux-gnu"
CLEAN_DELAY="5"
COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog"
COLLISION_IGNORE="/lib/modules"
COLORTERM="Terminal"
CONFIG_PROTECT="/etc /etc/env.d/50glib2 /usr/share/gnupg/qualified.txt /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.2/ext-active/ /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.2/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.2/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -march=native -pipe"
C_INCLUDE_PATH="/usr/lib/oracle/10.2.0.3/client/include"
DBUS_SESSION_BUS_ADDRESS="unix:abstract=/tmp/dbus-7JpmqyeEeN,guid=d3146a9ed26506ad9d98d25f00000058"
DESKTOP_SESSION="xfce"
DISPLAY=":0.0"
DISTDIR="/var/distfiles"
EDITOR="/usr/bin/vim"
ELIBC="glibc"
EMERGE_DEFAULT_OPTS="--ask --verbose --autounmask=n"
EMERGE_WARNING_DELAY="10"
EPREFIX=""
EROOT="/"
FCFLAGS=""
FEATURES="assume-digests binpkg-logs buildsyspkg collision-protect distlocks ebuild-locks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FETCHCOMMAND="/usr/bin/wget -t 5 -T 60 --passive-ftp -O "${DISTDIR}/${FILE}" "${URI}""
FETCHCOMMAND_RSYNC="rsync -avP "${URI}" "${DISTDIR}/${FILE}""
FETCHCOMMAND_SFTP="bash -c "x=\${2#sftp://} ; host=\${x%%/*} ; port=\${host##*:} ; host=\${host%:*} ; [[ \${host} = \${port} ]] && port=22 ; exec sftp -P \${port} \"\${host}:/\${x#*/}\" \"\$1\"" sftp "${DISTDIR}/${FILE}" "${URI}""
FETCHCOMMAND_SSH="bash -c "x=\${2#ssh://} ; host=\${x%%/*} ; port=\${host##*:} ; host=\${host%:*} ; [[ \${host} = \${port} ]] && port=22 ; exec rsync --rsh=\"ssh -p\${port}\" -avP \"\${host}:/\${x#*/}\" \"\$1\"" rsync "${DISTDIR}/${FILE}" "${URI}""
FFLAGS=""
GCC_SPECS=""
GDK_USE_XFT="1"
GENTOO_MIRRORS="http://mirror.yandex.ru/gentoo-distfiles/ 		ftp://mirror.yandex.ru/gentoo-distfiles/                 http://ftp.chg.ru/pub/Linux/distributions/gentoo/                 ftp://ftp.chg.ru/pub/Linux/distributions/gentoo/ 		http://ftp.corbina.net/pub/Linux/gentoo/ 		ftp://ftp.corbina.net/pub/Linux/gentoo/"
GLADE_CATALOG_PATH=":"
GLADE_MODULE_PATH=":"
GLADE_PIXMAP_PATH=":"
GPG_AGENT_INFO="/tmp/gpg-TpgY4Q/S.gpg-agent:1655:1"
GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx"
GRUB_PLATFORMS=""
GSETTINGS_BACKEND="gconf"
GTK_PATH=":/usr/lib/gtk-2.0"
G_BROKEN_FILENAMES="1"
G_FILENAME_ENCODING="KOI8-R"
HG="/usr/bin/hg"
HOME="/home/ftn"
INFOPATH="/usr/share/info:/usr/share/binutils-data/i686-pc-linux-gnu/2.20.1/info:/usr/share/gcc-data/i686-pc-linux-gnu/4.4.5/info"
INPUT_DEVICES="keyboard mouse"
JAVAC="/etc/java-config-2/current-system-vm/bin/javac"
JAVA_HOME="/etc/java-config-2/current-system-vm"
JDK_HOME="/etc/java-config-2/current-system-vm"
KERNEL="linux"
LANG="ru_RU.KOI8-R"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
LC_ALL=""
LC_NUMERIC="C"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LESS="-R -M --shift 5"
LESSOPEN="|lesspipe.sh %s"
LIBGLADE_MODULE_PATH=":/usr/lib/libglade/2.0"
LINGUAS="ru en"
LOGNAME="ftn"
LS_COLORS="rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.pdf=00;32:*.ps=00;32:*.txt=00;32:*.patch=00;32:*.diff=00;32:*.log=00;32:*.tex=00;32:*.doc=00;32:*.aac=00;36:*.au=00;36:*.flac=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.axa=00;36:*.oga=00;36:*.spx=00;36:*.xspf=00;36:"
MAIL="/var/mail/ftn"
MAKEOPTS="-j2"
MANPATH="/etc/java-config-2/current-system-vm/man:/usr/local/share/man:/usr/share/man:/usr/share/binutils-data/i686-pc-linux-gnu/2.20.1/man:/usr/share/gcc-data/i686-pc-linux-gnu/4.4.5/man:/etc/java-config/system-vm/man/:/usr/lib/php5.2/man/:/usr/lib/php5.3/man/"
NETBEANS="apisupport cnd groovy gsf harness ide identity j2ee java mobility nb php profiler soa visualweb webcommon websvccommon xml"
NLS_LANG="russian_cis.cl8iso8859p5"
OPENGL_PROFILE="xorg-x11"
ORACLE_HOME="/usr/lib/oracle/10.2.0.3/client"
PAGER="/usr/bin/less"
PATH="/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/4.1.1:/usr/i686-pc-linux-gnu/gcc-bin/4.4.5:~/bin"
PHP_TARGETS="php5-3"
PKGDIR="/usr/portage/packages"
PORTAGE_ARCHLIST="ppc sparc64-freebsd ppc-openbsd x86-openbsd ppc64 x86-winnt x86-fbsd ppc-aix alpha arm x86-freebsd s390 amd64 arm-linux x86-macos x64-openbsd ia64-hpux hppa x86-netbsd x86-cygwin amd64-linux ia64-linux x86 sparc-solaris x64-freebsd sparc64-solaris x86-linux x64-macos sparc m68k-mint ia64 mips ppc-macos x86-interix hppa-hpux amd64-fbsd x64-solaris mips-irix m68k sh x86-solaris sparc-fbsd"
PORTAGE_BINHOST_CHUNKSIZE="3000"
PORTAGE_BIN_PATH="/usr/lib/portage/bin"
PORTAGE_COMPRESS_EXCLUDE_SUFFIXES="css gif htm[l]? jp[e]?g js pdf png"
PORTAGE_CONFIGROOT="/"
PORTAGE_DEBUG="0"
PORTAGE_DEPCACHEDIR="/var/cache/edb/dep"
PORTAGE_ELOG_CLASSES="log warn error"
PORTAGE_ELOG_MAILFROM="portage@localhost"
PORTAGE_ELOG_MAILSUBJECT="[portage] ebuild log for ${PACKAGE} on ${HOST}"
PORTAGE_ELOG_MAILURI="root"
PORTAGE_ELOG_SYSTEM="save_summary echo"
PORTAGE_FETCH_CHECKSUM_TRY_MIRRORS="5"
PORTAGE_FETCH_RESUME_MIN_SIZE="350K"
PORTAGE_GID="250"
PORTAGE_GPG_SIGNING_COMMAND="gpg --sign --clearsign --yes --default-key "${PORTAGE_GPG_KEY}" --homedir "${PORTAGE_GPG_DIR}" "${FILE}""
PORTAGE_INST_GID="0"
PORTAGE_INST_UID="0"
PORTAGE_NICENESS="13"
PORTAGE_PYM_PATH="/usr/lib/portage/pym"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_RSYNC_RETRIES="-1"
PORTAGE_SANDBOX_COMPAT_LEVEL="16"
PORTAGE_SYNC_STALE="30"
PORTAGE_TMPDIR="/var/tmp"
PORTAGE_VERBOSE="1"
PORTAGE_WORKDIR_MODE="0700"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/rion /usr/local/portage"
PRELINK_PATH_MASK="/usr/lib/libfreebl3.so:/usr/lib/libnssdbm3.so:/usr/lib/libsoftokn3.so"
PROFILE_ONLY_VARIABLES="ARCH ELIBC KERNEL USERLAND"
PWD="/home/ftn"
PYTHONDONTWRITEBYTECODE="1"
RESUMECOMMAND="/usr/bin/wget -c -t 5 -T 60 --passive-ftp -O "${DISTDIR}/${FILE}" "${URI}""
RESUMECOMMAND_RSYNC="rsync -avP "${URI}" "${DISTDIR}/${FILE}""
RESUMECOMMAND_SSH="bash -c "x=\${2#ssh://} ; host=\${x%%/*} ; port=\${host##*:} ; host=\${host%:*} ; [[ \${host} = \${port} ]] && port=22 ; exec rsync --rsh=\"ssh -p\${port}\" -avP \"\${host}:/\${x#*/}\" \"\$1\"" rsync "${DISTDIR}/${FILE}" "${URI}""
ROOT="/"
ROOTPATH="/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/4.1.1:/usr/i686-pc-linux-gnu/gcc-bin/4.4.5"
RPMDIR="/usr/portage/rpm"
RUBY_TARGETS="ruby18"
SESSION_MANAGER="/tmp/.ICE-unix/1664"
SHELL="/bin/bash"
SHLVL="3"
SSH_AGENT_PID="1655"
SSH_AUTH_SOCK="/tmp/gpg-mGWUWu/S.gpg-agent.ssh"
SUPPORT_ALSA="1"
SYNC="rsync://mirror.yandex.ru/gentoo-portage/"
TERM="xterm"
TNS_ADMIN="/etc/oracle/"
USE="X a52 ac3 acl alsa avi berkdb bold bzip2 cdr cli cracklib crypt cups cxx dbus djvu dri dvd flac fortran gdbm gif gtk iconv jpeg jpeg2k modules mp3 mudflap ncurses nls nptl nptlonly ogg openmp pam pcre pdf perl png pppd python qt3support readline session ssl sysfs tcpd tiff unicode utf8 vorbis x86 xcb xorg xulrunner zlib" ALSA_CARDS="intel8x0" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="ru en" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="sis" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
USER="ftn"
USERLAND="GNU"
USE_EXPAND="ALSA_CARDS ALSA_PCM_PLUGINS APACHE2_MODULES APACHE2_MPMS CALLIGRA_FEATURES CAMERAS COLLECTD_PLUGINS CROSSCOMPILE_OPTS DRACUT_MODULES DVB_CARDS ELIBC FCDSL_CARDS FOO2ZJS_DEVICES FRITZCAPI_CARDS GPSD_PROTOCOLS GRUB_PLATFORMS INPUT_DEVICES KERNEL LCD_DEVICES LINGUAS LIRC_DEVICES MISDN_CARDS NETBEANS_MODULES NGINX_MODULES_HTTP NGINX_MODULES_MAIL OFED_DRIVERS PHP_TARGETS QEMU_SOFTMMU_TARGETS QEMU_USER_TARGETS RUBY_TARGETS SANE_BACKENDS USERLAND VIDEO_CARDS XFCE_PLUGINS XTABLES_ADDONS"
USE_EXPAND_HIDDEN="CROSSCOMPILE_OPTS ELIBC KERNEL USERLAND"
USE_ORDER="env:pkg:conf:defaults:pkginternal:repo:env.d"
VIDEO_CARDS="sis"
WINDOWID="58720349"
WWW_HOME="www.ya.ru"
XAUTHORITY="/home/ftn/.Xauthority"
XDG_CONFIG_DIRS="/etc/xdg:/etc/xdg"
XDG_DATA_DIRS="/usr/local/share:/usr/share:/usr/share"
XDG_MENU_PREFIX="xfce-"
XSESSION="Xfce4"
XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
_="/usr/bin/emerge"
Comment 1 Nirbheek Chauhan (RETIRED) gentoo-dev 2012-01-28 05:14:20 UTC
Please retry with Icecat-9.0, and nss-3.13.1-r2 and get back to us, thanks!
Comment 2 Sergey S. Starikoff 2013-01-28 05:45:18 UTC
Gone away with issued versions of IceCat.

But remember client certificate choice function still inoperate in parent www-client/firefox-17.0.2 browser.
Comment 3 Jory A. Pratt gentoo-dev 2013-03-23 19:18:15 UTC
Icecat was removed many moons ago.
Comment 4 Sergey S. Starikoff 2013-03-25 06:01:00 UTC
(In reply to comment #3)
> Icecat was removed many moons ago.

Looking on https://bugs.gentoo.org/show_bug.cgi?id=427186#c6 I think it is not right.


The reported issue realates far not only GNU Icecat, but Gecko.

On current stable www-client/firefox (17.0.4) I see exactly the same issue: memory client certificate choice function present, but don't works.

If necessary, I cat make a check with www-client/seamonkey.
Comment 5 Jory A. Pratt gentoo-dev 2013-08-11 23:11:31 UTC
(In reply to Sergey S. Starikoff from comment #4)
> (In reply to comment #3)
> > Icecat was removed many moons ago.
> 
> Looking on https://bugs.gentoo.org/show_bug.cgi?id=427186#c6 I think it is
> not right.
> 
> 
> The reported issue realates far not only GNU Icecat, but Gecko.
> 
> On current stable www-client/firefox (17.0.4) I see exactly the same issue:
> memory client certificate choice function present, but don't works.
> 
> If necessary, I cat make a check with www-client/seamonkey.

Can you still duplicate your results using latest stable and a clean profile?
Comment 6 Sergey S. Starikoff 2013-08-12 13:12:03 UTC
(In reply to Jory A. Pratt from comment #5)
> Can you still duplicate your results using latest stable and a clean profile?

On =www-client/firefox-17.0.7 (amd64 build) with clean profile on production web resource issue was reproduced.
Comment 7 Jory A. Pratt gentoo-dev 2015-01-06 14:16:24 UTC
(In reply to Sergey S. Starikoff from comment #6)
> (In reply to Jory A. Pratt from comment #5)
> > Can you still duplicate your results using latest stable and a clean profile?
> 
> On =www-client/firefox-17.0.7 (amd64 build) with clean profile on production
> web resource issue was reproduced.

I am still unable to reproduce this with thunderbird-31.3.0 If you can provide me with a better way to reproduce I would like to get this closed.
Comment 8 Sergey S. Starikoff 2015-04-07 12:34:17 UTC
(In reply to Jory A. Pratt from comment #7)
> I am still unable to reproduce this with thunderbird-31.3.0 If you can
> provide me with a better way to reproduce I would like to get this closed.

=www-client/firefox-31.5.3 — issue still present.

Another upstream bug, describing similiar issue, was confirmed:
https://bugzilla.mozilla.org/show_bug.cgi?id=634697

Last user's comment:
(In reply to Tim Berners-Lee from comment #11)
> I have been annoyed by this problem for years, mentioned in in talks,
> discussed it with Anne van K in the TAG, and general taken it as indicating
> a lack of interest at Mozilla in client-side certs.   (Chrome does not have
> this problem, and so is easier to use if you use client certs a lot.)  At
> least from the discussion here it seems to be recognized as  bug -- but has
> a status of "UNCONFIRMED" surprises me.  So maybe it difficult to reproduce.
> If it is supposed to work, where is the site->cert mapping stored?

And developer's answer:
(In reply to David Keeler [:keeler] (use needinfo?) from comment #12)
> For what it's worth, I can reproduce the bug. You're right that client-side
> certificate-related features aren't a high priority right now, since the
> majority of our users don't use them. It's unfortunate, but limited
> engineering resources mean we can't address everything we might want to.

I've generate the certificate set for localhost server to reproduce this issue.
If anybody is interested in it (and it can help them to work on this issue), I can attach that files.
Comment 9 Jory A. Pratt gentoo-dev 2017-08-26 17:56:31 UTC
If you feel I have closed your bug and it is still a current issue, please reopen and update it completely. We will not work bugs that have no ebuild in tree any longer or can not be reproduced with a current system.

Thank You for your support and understanding
The Mozilla Team