search

YF-GoogleCodeBackups / masterpasswordtimeoutplus

Automatically exported from code.google.com/p/masterpasswordtimeoutplus
0 stars 0 forks source link

Breaks <keygen> #31

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Sign up for StartSSL.com
2. Note that the key generated by the <keygen> tag doesn't get reliably saved 
by your browser.

What Master Password+ version?

1.16.1

On what Firefox/Thunderbird version?

Iceaweasel 10.0.2 (Debian unbranded Firefox)

On what operating system?

Debian/testing.

Original issue reported on code.google.com by stefano....@synthasite.com on 14 Mar 2012 at 3:17

GoogleCodeExporter commented 8 years ago 
And with disabled MP+ it works fine?

Original comment by van...@gmail.com on 14 Mar 2012 at 3:21

GoogleCodeExporter commented 8 years ago 
Yes

Original comment by stefano.rivera on 14 Mar 2012 at 3:22

GoogleCodeExporter commented 8 years ago 
Please provide exact step-by-step how to reproduce it. Keep in mind, I have no 
idea what that site does and what to do there.
I gather that much I'll need register there first...

Original comment by van...@gmail.com on 20 Mar 2012 at 3:14

GoogleCodeExporter commented 8 years ago 
StartSSL.com is a Certificate Authority, well known because they provide 
zero-cost 1-year certificates. They authenticate their users with a client 
certificate, generated in-browser by the <keygen tag>

Sorry, I can't provide step-by-step instructions, as the signup requires human 
verification from their side, and I already have an account.

I ran into the issue when generating a new client cert, as mine was about to 
expire. They only let me generate one per e-mail address, and I ran into this 
problem with two addresses, before disabling MP+ and successfully generating 
one.

When MP+ was enabled, the certificate was generated, (I briefly saw a 
"collecting entropy" pop-up), and they were given the public key, but the 
private key wasn't saved in my browser's certificate store.

Signup here: https://www.startssl.com/?app=11&action=true

Original comment by stefano.rivera on 20 Mar 2012 at 8:01

GoogleCodeExporter commented 8 years ago 
Just so we on the same page:
MP = Master Password - a build-in browser's feature, when enabled it works on 
it's own. Once it's logged in, it stays logged in until browser restart.

MP+ = Master Password+ - this addon, that enhances possibilities for MP, when 
disabled, it doesn't disable MP itself.

So, here are further questions to troubleshoot:
1) are your MP+ logged in or logged out at the moment generating the 
certificate? (red or green icon)
2) in case 1) is logged out, does MP+ set to block MP prompts?

Original comment by van...@gmail.com on 20 Mar 2012 at 11:37