Closed Bug 1044441 Opened 11 years ago Closed 11 years ago

sec_error_extension_value_invalid accessing wireless access point's web configurator

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
31 Branch
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1047177

People

(Reporter: dave, Unassigned)

References

Details

(Keywords: regression, site-compat)

Attachments

(1 file)

This is the server cert stored in Fx - presumably at the time I added it as an exception some time ago
716 bytes, text/x-vhdl
Details
User Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 (Beta/Release) Build ID: 2014072000 Steps to reproduce: This is an old Netgear prosafe ME102 wireless access point which I use every day but don't reconfigure often. I enter https://192.168.0.227 Actual results: I get: Secure Connection Failed An error occurred during a connection to 192.168.0.227. Certificate extension value is invalid. (Error code: sec_error_extension_value_invalid) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site. Expected results: I should get the login dialogue. I've had this AP for some years. It's always been accessible with Fx. I last accessed it a few months back - maybe with Fx29. I doubt if I used it with Fx30. I have Fx17 ESR on an old machine so I just tried with that. It required me to set up a permanent exception (that's normal) but it will work. I notice the cert expired in 2011 but that hasn't stopped it working up to now! This in Linux (SUSE build) but I get the same error on Windows with Fx31 I don't see how anybody can verify this unless they happen to have the same AP. Is there any diagnostics I can do? This is not a big problem for me - I can fire up Fx17 when required, but what has changed? I also have an old Netgear prosafe WG302 of similar vintage and I can access that.
Correction: it's a WG102 access point, not an ME102.
Component: Untriaged → Security: PSM
Keywords: regression, regressionwindow-wanted
Product: Firefox → Core
I am pretty sure this is a duplicate of bug 1045973.
Keywords: site-compat
Attached is the server cert for the access point stored in Fx - presumably at the time I added it as an exception some time ago.
Thank you Dave. Brian this is slightly different than bug 1045973, the certificate attached here does not have version 1, but instead version 4 which is still not defined.
Hello, I have same access point and same problem. I can confirm this. Also using different browsers works (after a warning is issued about unsafe certificate).
Hello, I just wanted to confirm that I also have the same problem connecting to a Netgear WG102. It does not work with Fx 31 on Windows 7, Ubuntu 12.04 and Android 4.4, but it works with IE on Windows 7 (telling that the certificate is not safe). And it did work with Fx 30 on the three above mentioned systems.
Chrome 36 on Windows 7 and Chromium 36 on Ubuntu 12.04 also offer to open the site when you accept the risk. It would be nice to be able to accept exceptions again.
To fellow Netgear AP users: It's an instance of bug 1047177 - see 'depends on' at the top.
Can everybody please try this again with Firefox 32 or later and report back the results?
Flags: needinfo?(dave)
Works in Fx 32 under Linux and Android.
Flags: needinfo?(dave)
I confirm it is fixed with Firefox 32 on linux. Thank you!
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
This is still not fixed. Just upgraded to 33.0 and I still get this error: Secure Connection Failed An error occurred during a connection to 192.168.2.1. The key does not support the requested operation. (Error code: sec_error_invalid_key) ___ my local router is with a self signed cert - what could possible be a security concern here and why should I pay Verisign $$ for a recognised cert, to make Firefox 33.0 work with my router that has been working for years?!? Can you please fix this? This is ridiculous...
(In reply to dian from comment #13) I am the bug reporter (just a user). This bug turned out to be a certificate which was wrongly defined as 'version 4'. Your case may be different but give a similar error. Look in Firefox options/preferences > advanced > certificates > view > server and find the certificate which applies to this router - it should have saved it when it worked. Mine is called 'NetgearHttps'. Export the certificate to a file. What I can do in linux is display the certificate in readable form: > openssl x509 -in NetgearHttps -text Certificate: Data: Version: 4 (0x3) Serial Number: 0 (0x0) If you can't do that then attach the certificate here. If your isn't version 4 then I suggest you raise a new bug - this one is fixed.
nope, my ZyXEL home wifi router appears in the server list, named under "Certificate Name" as "(Not Stored)" - which means it is not stored, it is only listed as an added exception, when it used to work, before I upgraded Firefox to v 33.0. What do I do?
(In reply to dian from comment #15) I am no expert, but that suggests to me that you're seeing a different case. In my case the server certificate /was/ stored and could be exported. I suggest you open a new bug. Give as many details as possible - the router model, what version of Fx it worked with, and a screenshot of the certificate manager screen. Does it work with another browser? X-refer to this exchange. See also bug 987637. But if the self-signed xyzel certificate is genuinely invalid then Fx will probably not accept it. Is the router firmware up to date? I assume that contains the certificate.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: