[foaf-protocols] Apple bug reports

Story Henry henry.story at bblfish.net
Wed Jun 24 17:10:01 CEST 2009


On 23 Jun 2009, at 13:54, Tim Berners-Lee wrote:
> Is this the only Safari bug we know about?
> I would be happy to pass our top requests on to our friends inside  
> Apple in case it would help.

So I think we have 4 issues

Two serious bugs:

- Issue 6993918: iphone browser does not send client certificate on  
optional request
which I described here:
   http://lists.foaf-project.org/pipermail/foaf-protocols/2009-June/000642.html

- Issue 6994039: Safari 4 does not send certificate on optional request
which I described here:
   http://lists.foaf-project.org/pipermail/foaf-protocols/2009-June/000645.html


A very important html enhancement:

- Enhancement request 7002094: keygen support for iPhone browser
which I summarize here:
   http://lists.foaf-project.org/pipermail/foaf-protocols/2009-June/000664.html

And a user interface enhancement that would help a lot:
- Enhancement request 7002190: enable the user to see open client side  
ssh connections and close connections
   which I summarize here:
   http://lists.foaf-project.org/pipermail/foaf-protocols/2009-June/000669.html

I think Bruno Harbulot has some bug IDs that he filed some time ago  
that cover Issue 6994039, but with the previous Safari version, and  
that may be described in a way that does not mention foaf+ssl, which  
is perhaps a problem with my bug report.

	Henry


> Tim
>
>
> On 2009-06-23, at 06:48, Story Henry wrote:
>
>> I have posted two bug reports for the Safari 4 and iphone 3.0 apps  
>> here:
>>
>> http://developer.apple.com/bugreporter/
>>
>> Apple sadly makes those reports secret I think. And they only respond
>> if enough people post reports. So if you can report a bug, or know
>> others who should, please do so.
>>
>> Btw. be careful to save your bug report before pressing the submit
>> button. Their server lost my data the first time I posted it.
>>
>> Here they are:
>>
>> bug 6993918: "iphone browser does not send client certificate on
>> optional request"
>> =====================================================================
>>
>> 22-Jun-2009 07:04 PM Henry Story: (I had submitted a bug report
>> following your format, then your server lost the info.)
>> Summary:
>> -------
>> TLS v1 server can request certificates *optionally* from the client.
>> The server can also request that it NEEDS the certificate. A server
>> that requests the certificate optionally, can on failing to receive a
>> certificate, offer alternative means of logging the user in, or even
>> redirect him. On receiving an optional request for a certificate the
>> iPhone browser that has a couple of certificates will ask the user to
>> choose the certificate, but not send the chosen certificate to the
>> server.
>>
>> Steps to Reproduce:
>> ---------------
>> 1. Get a couple of certificates on the iPhone. You can follow the
>> procedure here to get the certs and install them: http://blogs.sun.com/bblfish/entry/howto_get_a_foaf_ssl
>> (Use firefox to get the certificates, as there seems to be another
>> problem on Safari 4, I will report later)
>> 2. Use a server that requests optional client certificates and
>> monitor the packets going over the network with WireShark. There are a
>> couple of certificates we have listed in the mail here with the
>> packets we have downloaded http://lists.foaf-project.org/pipermail/foaf-protocols/2009-June/000642.html
>>
>> Actual Results:
>> ---------------
>> The client will NOT send the selected certificate (or any other) to
>> the server. This can be verified by looking at the packets sent, or
>> indirectly by noticing the server's behavior be different from what it
>> should do.
>>
>> Expected Results:
>> -----------------
>>
>> The iPhone should send the certificate selected.
>>
>> bug 6994039: "Safari 4 does not send certificate on optional request"
>>
>> 6993918: iphone browser does not send client certificate on optional
>> request
>> =====================================================================
>>
>> Summary:
>> -------
>> TLS v1 server can request certificates *optionally* from the client.
>> The server can also request that it NEEDS the certificate. A server
>> that requests the certificate optionally, can on failing to receive a
>> certificate, offer alternative means of logging the user in, or even
>> redirect him. On receiving an optional request for a certificate the
>> iPhone browser that has a couple of certificates will ask the user to
>> choose the certificate, but not send the chosen certificate to the
>> server.
>>
>> Steps to Reproduce:
>> ---------------
>>
>> 1. Get a couple of certificates on the iPhone. You can follow the
>> procedure here to get the certs and install them: http://blogs.sun.com/bblfish/entry/howto_get_a_foaf_ssl
>> (Use firefox to get the certificates, as there seems to be another
>> problem on Safari 4, I will report later)
>> 2. Use a server that requests optional client certificates and
>> monitor the packets going over the network with WireShark. There are a
>> couple of certificates we have listed in the mail here with the
>> packets we have downloaded
>> http://lists.foaf-project.org/pipermail/foaf-protocols/2009-June/000642.html
>>
>> Actual Results:
>> ---------------
>>
>> The client will NOT send the selected certificate (or any other) to
>> the server. This can be verified by looking at the packets sent, or
>> indirectly by noticing the server's behavior be different from what it
>> should do.
>>
>> Expected Results:
>> ----------------
>>
>> The iPhone should send the certificate selected.
>>
>> Henry
>>
>
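
The bug report quoted above says the missing certificate can be verified by looking at the packets sent. As an added example (not part of the original message), this Python code checks raw TLS 1.0 records for a server CertificateRequest and classifies the client's reply. The function names and sample bytes are constructed for illustration, and it covers only a cleartext initial handshake, not a request made during an encrypted renegotiation.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20        # TLS record content types
CERTIFICATE, CERTIFICATE_REQUEST = 11, 13     # handshake message types

def handshake_messages(records):
    """Reassemble the cleartext handshake messages sent in ONE direction."""
    stream = b""
    for rec in records:
        if len(rec) < 5:
            continue
        ctype, _version, length = struct.unpack("!BHH", rec[:5])
        if ctype == CHANGE_CIPHER_SPEC:
            break                             # everything after this is encrypted
        if ctype == HANDSHAKE:
            stream += rec[5:5 + length]       # messages may span several records
    msgs, off = [], 0
    while off + 4 <= len(stream):
        mlen = int.from_bytes(stream[off + 1:off + 4], "big")
        if off + 4 + mlen > len(stream):
            break                             # truncated capture
        msgs.append((stream[off], stream[off + 4:off + 4 + mlen]))
        off += 4 + mlen
    return msgs

def count_certs(body):
    """Count entries in a Certificate message's certificate_list."""
    end = min(3 + int.from_bytes(body[:3], "big"), len(body))
    n, off = 0, 3
    while off + 3 <= end:
        off += 3 + int.from_bytes(body[off:off + 3], "big")
        n += 1
    return n

def client_cert_status(server_records, client_records):
    if not any(t == CERTIFICATE_REQUEST for t, _ in handshake_messages(server_records)):
        return "not requested"
    for mtype, body in handshake_messages(client_records):
        if mtype == CERTIFICATE:
            n = count_certs(body)
            return f"sent {n} certificate(s)" if n else "empty certificate list"
    return "no Certificate message"

# Constructed sample records (TLS 1.0, version 0x0301); not taken from the thread's captures.
def hs(mtype, body): return bytes([mtype]) + len(body).to_bytes(3, "big") + body
def record(payload): return struct.pack("!BHH", HANDSHAKE, 0x0301, len(payload)) + payload

SERVER_FLIGHT = [record(hs(CERTIFICATE_REQUEST, b"\x01\x01\x00\x00") + hs(14, b""))]
CLIENT_EMPTY = [record(hs(CERTIFICATE, b"\x00\x00\x00") + hs(16, b"\x00\x00"))]
print(client_cert_status(SERVER_FLIGHT, CLIENT_EMPTY))
```

An "empty certificate list" result is what RFC 2246 prescribes for a TLS 1.0 client that has no suitable certificate to send, so in a capture it is the observable sign that the certificate the user picked never left the device.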


