[foaf-protocols] Apple bug reports

Story Henry henry.story at bblfish.net
Tue Jun 23 12:48:52 CEST 2009


I have posted two bug reports for the Safari 4 and iphone 3.0 apps here:

http://developer.apple.com/bugreporter/

Apple sadly makes those reports secret I think. And they only respond  
if enough people post reports. So if you can report a bug, or know  
others who should, please do so.

Btw. be careful to save your but report before pressing the submit  
button. Their server lost my data the first time I posted it.

Here they are:

bug 6993918: "iphone browser does not send client certificate on  
optional request"
= 
= 
= 
= 
= 
= 
= 
= 
= 
= 
========================================================================

22-Jun-2009 07:04 PM Henry Story: (I had submitted a bug report  
following your format, then your server lost the info.)
Summary:
-------
TLS v1 server can request certificates *optionally* from the client.  
The server can also request that it NEEDS the certificate. A server  
that requests the certificate optionally, can on failing to receive a  
certificate, offer alternative means of logging the user in, or even  
redirect him. On receiving an optional request for a certificate the  
iPhone browser that has a couple of certificates will ask the user to  
choose the certificate, but not send the chosen certificate to the  
server.

Steps to Reproduce:
---------------
  1. Get a couple of certificates on the iPhone. You can follow the  
procedure here to get the certs and install them: http://blogs.sun.com/bblfish/entry/howto_get_a_foaf_ssl 
  (Use firefox to get the certificates, as there seems to be another  
problem on Safari 4, I will report later)
  2. Use a server that requests optional client certificates and  
monitor the packets going over the network with WireShark. There are a  
couple of certificates we have listed in the mail here with the  
packets we have downloaded http://lists.foaf-project.org/pipermail/foaf-protocols/2009-June/000642.html

Actual Results:
---------------
  The client will NOT send the selected certificate (or any other) to  
the server. This can be verified by looking at the packets sent, or  
indirectly by noticing the server's behavior be different from what it  
should do.

Expected Results:
-----------------

The iPhone should send the certificate selected.

bug 6994039: "Safari 4 does not send certificate on optional request"

6993918: iphone browser does not send client certificate on optional  
request
= 
= 
= 
= 
========================================================================

Summary:
-------
  TLS v1 server can request certificates *optionally* from the client.  
The server can also request that it NEEDS the certificate. A server  
that requests the certificate optionally, can on failing to receive a  
certificate, offer alternative means of logging the user in, or even  
redirect him. On receiving an optional request for a certificate the  
iPhone browser that has a couple of certificates will ask the user to  
choose the certificate, but not send the chosen certificate to the  
server.

Steps to Reproduce:
---------------

  1. Get a couple of certificates on the iPhone. You can follow the  
procedure here to get the certs and install them: http://blogs.sun.com/bblfish/entry/howto_get_a_foaf_ssl 
  (Use firefox to get the certificates, as there seems to be another  
problem on Safari 4, I will report later)
  2. Use a server that requests optional client certificates and  
monitor the packets going over the network with WireShark. There are a  
couple of certificates we have listed in the mail here with the  
packets we have downloaded
http://lists.foaf-project.org/pipermail/foaf-protocols/2009-June/000642.html

Actual Results:
---------------

  The client will NOT send the selected certificate (or any other) to  
the server. This can be verified by looking at the packets sent, or  
indirectly by noticing the server's behavior be different from what it  
should do.

Expected Results:
----------------

The iPhone should send the certificate selected.

Henry



More information about the foaf-protocols mailing list