Issue 868330 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Jul 28
Cc:	dpa...@chromium.org
Components:	Internals>Network>Certificate Security UI>Settings
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug

Linux cert import should only apply to current profile

Project Member Reported by tnagel@chromium.org, Jul 27

Issue description

Chrome Version: 68
OS: Linux

What steps will reproduce the problem?
(1) chrome://settings/certificates --> Authorities --> Import
(2) certutil -d sql:$HOME/.pki/nssdb -L

It may be surprising to users that certificates are imported to the user's home directory and shared between all Chrome instances and profiles (and potentially other applications).

I think we should either apply imported certs to the current profile only (preferred) or let the user know they are importing for the whole OS-level user, and not just for the current Chrome profile.

What's the background for the current behavior?

Comment 1 by tnagel@chromium.org, Jul 27

Apparently NSS recommends this [1]. Maybe somewhat ironically Firefox does not adhere to that and stores imported certs on a per-profile basis, afaics.

[1] https://wiki.mozilla.org/NSS_Shared_DB_And_LINUX

Comment 2 by rsleevi@chromium.org, Jul 28

Status: WontFix (was: Untriaged)

This is WontFix, Working as Intended. It's a system service (i.e. part of LSB). This is the same as on other platforms.

Firefox's behaviour is changed in newer versions as they work to unify on the NSS Shared DB, 10 years after it was first developed. Thus, Firefox's behaviour is "broken", as acknowledged by Mozilla.

►

Issue 868330 link

Issue metadata

Linux cert import should only apply to current profile

Issue description

Comment 1 by tnagel@chromium.org, Jul 27

Comment 1 Deleted

Comment 2 by rsleevi@chromium.org, Jul 28

Comment 2 Deleted

Sign in to add a comment