I work with some web (https) resources using client certificate authorization. For test purposes I need several client certificates. Just this week (after I've installed the third one, my main working certificate is the second one) I've discovered, that GNU IceCat function "remember selected certificate" (if necessary, I can see how it looks in English exactly) is inoperable. Reproducible: Always Steps to Reproduce: 1. Set up test https vhost (requires client certificate); 2. Generate client certificate; 3. Import it into GNU IceCat browser; 4. Check operability; 5. Generate the second client certificate; 6. Import it into browser too; 7. Set up in browser "Ask certificate" every time and "Remember choice"; 8. Reset current history and try to access test vhost selecting 1-st certificate; 9. Again reset current history in browser and try to access the test host. Actual Results: Rememebered choice is ignored, last imported certificate is suggested by default. Expected Results: Remembered choice works correctly, last selected certificate is suggested by default. $ emerge --info Portage (default/linux/x86/10.0, gcc-4.4.5, glibc-2.12.2-r0, 2.6.39-gentoo-r3 i686) Please retry with Icecat-9.0, and nss-3.13.1-r2 and get back to us, thanks!
Gone away with issued versions of IceCat. But remember client certificate choice function still inoperate in parent www-client/firefox-17.0.2 browser.
Icecat was removed many moons ago.
(In reply to comment #3) > Icecat was removed many moons ago. Looking on https://bugs.gentoo.org/show_bug.cgi?id=427186#c6 I think it is not right. The reported issue realates far not only GNU Icecat, but Gecko. On current stable www-client/firefox (17.0.4) I see exactly the same issue: memory client certificate choice function present, but don't works. If necessary, I cat make a check with www-client/seamonkey.
(In reply to Sergey S. Starikoff from comment #4) > (In reply to comment #3) > > Icecat was removed many moons ago. > > Looking on https://bugs.gentoo.org/show_bug.cgi?id=427186#c6 I think it is > not right. > > > The reported issue realates far not only GNU Icecat, but Gecko. > > On current stable www-client/firefox (17.0.4) I see exactly the same issue: > memory client certificate choice function present, but don't works. > > If necessary, I cat make a check with www-client/seamonkey. Can you still duplicate your results using latest stable and a clean profile?
(In reply to Jory A. Pratt from comment #5) > Can you still duplicate your results using latest stable and a clean profile? On =www-client/firefox-17.0.7 (amd64 build) with clean profile on production web resource issue was reproduced.
(In reply to Sergey S. Starikoff from comment #6) > (In reply to Jory A. Pratt from comment #5) > > Can you still duplicate your results using latest stable and a clean profile? > > On =www-client/firefox-17.0.7 (amd64 build) with clean profile on production > web resource issue was reproduced. I am still unable to reproduce this with thunderbird-31.3.0 If you can provide me with a better way to reproduce I would like to get this closed.
(In reply to Jory A. Pratt from comment #7) > I am still unable to reproduce this with thunderbird-31.3.0 If you can > provide me with a better way to reproduce I would like to get this closed. =www-client/firefox-31.5.3 — issue still present. Another upstream bug, describing similiar issue, was confirmed: https://bugzilla.mozilla.org/show_bug.cgi?id=634697 Last user's comment: (In reply to Tim Berners-Lee from comment #11) > I have been annoyed by this problem for years, mentioned in in talks, > discussed it with Anne van K in the TAG, and general taken it as indicating > a lack of interest at Mozilla in client-side certs. (Chrome does not have > this problem, and so is easier to use if you use client certs a lot.) At > least from the discussion here it seems to be recognized as bug -- but has > a status of "UNCONFIRMED" surprises me. So maybe it difficult to reproduce. > If it is supposed to work, where is the site->cert mapping stored? And developer's answer: (In reply to David Keeler [:keeler] (use needinfo?) from comment #12) > For what it's worth, I can reproduce the bug. You're right that client-side > certificate-related features aren't a high priority right now, since the > majority of our users don't use them. It's unfortunate, but limited > engineering resources mean we can't address everything we might want to. I've generate the certificate set for localhost server to reproduce this issue. If anybody is interested in it (and it can help them to work on this issue), I can attach that files.
If you feel I have closed your bug and it is still a current issue, please reopen and update it completely. We will not work bugs that have no ebuild in tree any longer or can not be reproduced with a current system. Thank You for your support and understanding The Mozilla Team