[foaf-protocols] Apple bug reports
Story Henry
henry.story at bblfish.net
Tue Jun 23 12:48:52 CEST 2009
I have posted two bug reports for the Safari 4 and iphone 3.0 apps here:
http://developer.apple.com/bugreporter/
Apple sadly makes those reports secret I think. And they only respond
if enough people post reports. So if you can report a bug, or know
others who should, please do so.
Btw. be careful to save your but report before pressing the submit
button. Their server lost my data the first time I posted it.
Here they are:
bug 6993918: "iphone browser does not send client certificate on
optional request"
=
=
=
=
=
=
=
=
=
=
========================================================================
22-Jun-2009 07:04 PM Henry Story: (I had submitted a bug report
following your format, then your server lost the info.)
Summary:
-------
TLS v1 server can request certificates *optionally* from the client.
The server can also request that it NEEDS the certificate. A server
that requests the certificate optionally, can on failing to receive a
certificate, offer alternative means of logging the user in, or even
redirect him. On receiving an optional request for a certificate the
iPhone browser that has a couple of certificates will ask the user to
choose the certificate, but not send the chosen certificate to the
server.
Steps to Reproduce:
---------------
1. Get a couple of certificates on the iPhone. You can follow the
procedure here to get the certs and install them: http://blogs.sun.com/bblfish/entry/howto_get_a_foaf_ssl
(Use firefox to get the certificates, as there seems to be another
problem on Safari 4, I will report later)
2. Use a server that requests optional client certificates and
monitor the packets going over the network with WireShark. There are a
couple of certificates we have listed in the mail here with the
packets we have downloaded http://lists.foaf-project.org/pipermail/foaf-protocols/2009-June/000642.html
Actual Results:
---------------
The client will NOT send the selected certificate (or any other) to
the server. This can be verified by looking at the packets sent, or
indirectly by noticing the server's behavior be different from what it
should do.
Expected Results:
-----------------
The iPhone should send the certificate selected.
bug 6994039: "Safari 4 does not send certificate on optional request"
6993918: iphone browser does not send client certificate on optional
request
=
=
=
=
========================================================================
Summary:
-------
TLS v1 server can request certificates *optionally* from the client.
The server can also request that it NEEDS the certificate. A server
that requests the certificate optionally, can on failing to receive a
certificate, offer alternative means of logging the user in, or even
redirect him. On receiving an optional request for a certificate the
iPhone browser that has a couple of certificates will ask the user to
choose the certificate, but not send the chosen certificate to the
server.
Steps to Reproduce:
---------------
1. Get a couple of certificates on the iPhone. You can follow the
procedure here to get the certs and install them: http://blogs.sun.com/bblfish/entry/howto_get_a_foaf_ssl
(Use firefox to get the certificates, as there seems to be another
problem on Safari 4, I will report later)
2. Use a server that requests optional client certificates and
monitor the packets going over the network with WireShark. There are a
couple of certificates we have listed in the mail here with the
packets we have downloaded
http://lists.foaf-project.org/pipermail/foaf-protocols/2009-June/000642.html
Actual Results:
---------------
The client will NOT send the selected certificate (or any other) to
the server. This can be verified by looking at the packets sent, or
indirectly by noticing the server's behavior be different from what it
should do.
Expected Results:
----------------
The iPhone should send the certificate selected.
Henry
More information about the foaf-protocols
mailing list