New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 658850 link

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Closed: Dec 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Chrome
Pri: 2
Type: Bug



Sign in to add a comment

view certificate details showing only OID

Reported by legendm...@gmail.com, Oct 24 2016

Issue description

UserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0

Example URL:
https://hpbn.co

Steps to reproduce the problem:
1. open https://hpbn.co
2. view certificate => details
3. certificate signature algorithm, subject public key algorithm

What is the expected behavior?
OID shown

What went wrong?
no human-readable name or description for the OID

Did this work before? Yes 

Chrome version: 54.0.2840.71 (Official Build) (64-bit)  Channel: stable
OS Version: Ubuntu 16.04.1 LTS
Flash Version: Shockwave Flash 11.2 r202

I think it worked before showing the name of all the OIDs like ECDSA, not sure when it started showing only the OID
 

Comment 1 by hdodda@chromium.org, Oct 25 2016

Cc: hdodda@chromium.org
Labels: Needs-Feedback
Tested on Ubuntu 14.04 using chrome stable M54 #54.0.2840.71 and observed as attached screenshot.

Tested on earlier versions of Chrome and didn't find different OID names.

@legendmove --could you please provide us the expected result screenshot.

Thanks!


658850.png
112 KB View Download
I think it should show a human-readable name Elliptic Curve Cryptography (ECC)just like PKCS #1 RSA Encryption for older algorithms.

Comment 3 by rch@chromium.org, Oct 26 2016

Components: -Internals>Network Internals>Network>Certificate
Labels: -Needs-Feedback
Cc: mattm@chromium.org davidben@chromium.org
David: It's as simple as updating https://cs.chromium.org/chromium/src/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp?rcl=1477495967&l=186 with no IDs for ECC - we only have the RSA ones covered - but I wanted to double check to make sure that we're only missing SEC_OID_SECG_EC_SECP256R1, SEC_OID_SECG_EC_SECP384R1, and SEC_OID_SECG_EC_SECP521R1 

Are there any other sig algs you can think that are relevant?
1.2.840.10045.2.1 is actually just the generic id-ecPublicKey OID (not sure what the NSS name is). To get the curve out, we'd need to dispatch on the key type and then decode the curve from the SPKI's AlgorithmIdentifier parameters.
Owner: rsleevi@chromium.org
Status: Assigned (was: Unconfirmed)
I'll grab it and update some of the OID tables, it should be low hassle.
Cc: emilyschechter@chromium.org
Status: Started (was: Assigned)
https://codereview.chromium.org/2463703005/

Adding Emily as FYI since it affects Security>UX; pinged rolfe/ainslie on the review.
Project Member

Comment 8 by bugdroid1@chromium.org, Nov 4 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5a5a26864366257845b1fa0ce7d22dcefdf751f1

commit 5a5a26864366257845b1fa0ce7d22dcefdf751f1
Author: rsleevi <rsleevi@chromium.org>
Date: Fri Nov 04 21:06:43 2016

Update WebUI Cert Viewer with additional algorithms

Add several EC algorithms to the viewer UI, as well as those OIDs
related to EV certificates. This ensures that the WebUI version is
similarly detailed as the native UIs on Windows/OS X.

BUG= 658850 

Review-Url: https://codereview.chromium.org/2463703005
Cr-Commit-Position: refs/heads/master@{#430012}

[modify] https://crrev.com/5a5a26864366257845b1fa0ce7d22dcefdf751f1/chrome/app/generated_resources.grd
[modify] https://crrev.com/5a5a26864366257845b1fa0ce7d22dcefdf751f1/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp

Labels: M-56 OS-Chrome
Status: Verified (was: Started)

Sign in to add a comment