Closed
Bug 438322
Opened 16 years ago
Closed 16 years ago
ff3 accepts wildcard cert for multiple domain components
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 159483
People
(Reporter: kajtzu, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20 Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9) Gecko/2008053008 Firefox/3.0 When accessing a site using SSL and having a wildcard certificate FF will happily load the page even if there are multiple domain components being replaced by the wildcard. RFC 2818 (HTTP over TLS) section 3.1 states: "Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com." Microsoft KB 258858 seems to kind of agree with me as well. ;-) Reproducible: Always Steps to Reproduce: Accessing beta.ipv6.fortn.net (IPv6 only service, sorry) using SSL works fine using Firefox but not using Safari. Safari complains that the certificate does not match the hostname being accessed. Actual Results: Works Expected Results: IMHO FF should complain as well.
Comment 1•16 years ago
|
||
Netscape has always worked like that, and some sites depend on it (unfortunately).
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•