Closed
Bug 1089519
Opened 10 years ago
Closed 10 years ago
FF Nightly 2014-10-25 may reject a valid certificate
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1088998
People
(Reporter: bosse200x, Unassigned)
Details
(Keywords: regression)
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:36.0) Gecko/20100101 Firefox/36.0 Build ID: 20141024030200 Steps to reproduce: Clean profile and then clean install of Firefox Nightly 2014-10-25 (on Win 7 64). Then try to open: https://sverigesradio.se/ Actual results: Firefox warns about: This Connection is Untrusted sverigesradio.se uses an invalid security certificate. The certificate is only valid for sverigesradio.se (Error code: ssl_error_bad_cert_domain) Expected results: The certificate seems indeed valid and as of Nightly 2014-10-24 everything worked as expected.
Comment 1•10 years ago
|
||
this looks like a dupe of bug 1089104
Comment 2•10 years ago
|
||
Confirmed the error displayed in the console, 36.0a1 (2014-10-27) Win 7 x64 But I got a different regression range: Last good revision: 88adcf8fef83 (2014-10-23) First bad revision: d6abb9bf43be (2014-10-24) Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=88adcf8fef83&tochange=d6abb9bf43be
The same warning is issued in the following site. https://secure.atmel.com/myAtmel/ https://h30495.www3.hp.com/ https://hpsupport.qualtrics.com/ (used in http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=mp-109374-3&cc=jp&dlc=ja&lc=ja&os=2100&product=4083652&sw_lang=)
The same warning is issued in the following site. (by Firefox Nightly Build 36.0a1 (2014-10-27) ) https://secure.atmel.com/myAtmel/ https://h30495.www3.hp.com/ https://hpsupport.qualtrics.com/ (used in http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=mp-109374-3&cc=jp&dlc=ja&lc=ja&os=2100&product=4083652&sw_lang=)
(In reply to licsak from comment #4) > The same warning is issued in the following site. > (by Firefox Nightly Build 36.0a1 (2014-10-27) ) > > > https://secure.atmel.com/myAtmel/ > https://h30495.www3.hp.com/ > https://hpsupport.qualtrics.com/ > (used in > http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=mp- > 109374-3&cc=jp&dlc=ja&lc=ja&os=2100&product=4083652&sw_lang=) Site secure.atmel.com presented certificate for "* .atmel.com" to FIrefox Nightly . But firefox did not recognize this certificate as be valid. (Hereinafter the same) This symptom does not happen in Firefox Nightly 36.0a1 (2014-10-29).
(In reply to licsak from comment #5) > (In reply to licsak from comment #4) > > The same warning is issued in the following site. > > (by Firefox Nightly Build 36.0a1 (2014-10-27) ) > > > > > > https://secure.atmel.com/myAtmel/ > > https://h30495.www3.hp.com/ > > https://hpsupport.qualtrics.com/ > > (used in > > http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=mp- > > 109374-3&cc=jp&dlc=ja&lc=ja&os=2100&product=4083652&sw_lang=) > > Site secure.atmel.com presented certificate for "* .atmel.com" to FIrefox > Nightly . > But firefox did not recognize this certificate as be valid. > (Hereinafter the same) > > This symptom does not happen in Firefox Nightly 36.0a1 (2014-10-29). Unfortunately I could not be verified for the decoded contents of SSL certificate because poor my skill. Sorry.
These certificates generally look like they have the same issue as described in bug 1089104 (i.e. using TeletexString and not having a subject alternative name extension).
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(brian)
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•