Arnaud wrote:
[...]
Once you picked a given client cert to be used for a site, you cannot change it, or rather, Mozilla does not ask you to choose which cert to use.

This is a pure Mozilla crypto component, PSM, question, so redirecting to the right group.


Is it a bug?

Yes, it can be seen as such; the problem has already been raised on this group.


Is there a preference to force Mozilla to ask EVERY TIME for which cert to use?

There is none.

If not, is there a way to programmatically (via JavaScript) make Mozilla forget about the previous choice (the choice must be stored somewhere)?

The choice seems to be stored through the fact that Mozilla reuses the same SSL connection to connect to the server.


The crypto engine Mozilla uses, NSS, makes it possible to change the client cert used, but the PSM does not use that possibility, and it doesn't seem possible to change that from JavaScript ...

PS: In fact, even if the server forces renegotiation of the session, Mozilla will reuse the same certificate without asking.
Earlier versions (around 1.0) did not do that and would re-ask the user every time.


This has been corrected later, but I don't know if it is now memorizing the client certificate at the NSS or PSM level. Finding and reading the patch that fixed that would certainly bring a lot of useful information about how it would be possible to forget the initial cert choice.
_______________________________________________
Mozilla-security mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-security