Closed
Bug 1063945
Opened 10 years ago
Closed 10 years ago
Firefox 31/32: Cannot override bad cert of old router
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1063315
People
(Reporter: KaiE, Unassigned)
Details
(Keywords: regression)
Attachments
(2 files)
I have a DSL router, which I had stored in my shelf as a backup device. I don't need it anymore, so I want to connect to it, reset its connection, in order to sell it. When connecting to the router's web interface, Firefox 31 and 32 don't allow me to connect. They report SEC_ERROR_CA_CERT_INVALID, no override is offered. It's a sha1 based signature, 1024bit cert, expired in 2013, issued by verisign. However weak it is, I think Firefox should allow me to override, if I deliberately decide to do so. (I was able to override and continue the connection using another browser.)
Reporter | ||
Comment 1•10 years ago
|
||
(In reply to Kai Engert (:kaie) from comment #0) > ... so I want to connect to it, reset its connection typo: I want to reset its configuration.
Reporter | ||
Comment 2•10 years ago
|
||
I notice that there is a delay before Firefox gives up and shows the error page. In my scenario, the computer is connected directly to the router, and doesn't have any other Internet connectivity (because the purpose is to configure the router...). Does Firefox attempt to connect to the outside world, maybe for OCSP, and fails because of that?
Comment 3•10 years ago
|
||
Can you also test some old FF version? I saw this bug on FF3.0 or so when reverse DNS record of the site does not exist...
Comment 4•10 years ago
|
||
Kai: the network console in the developer tools (Ctrl-Shift-I) will at least show you if Firefox is attempting an OCSP request. In general, I think that introducing mozilla::pkix should not change particular errors from one class of UI presentation to another; if we want to make changes in that area, we should make them intentionally, not as a side effect. So if this worked before, I'd say this is a bug. Gerv
Reporter | ||
Comment 5•10 years ago
|
||
Unfortunately I had to give the router away, because the auction had already ended... I have saved a copy of the certificate that was saved by the router. Unfortunately I currently cannot reproduce. I tried to create equivalent certificates, but for my own test certificates, Firefox always allows to override. So we need to figure out which property actually triggeres this specific failure...
Reporter | ||
Comment 6•10 years ago
|
||
Reporter | ||
Comment 7•10 years ago
|
||
Reporter | ||
Comment 8•10 years ago
|
||
Ok, luckily bug 1063315 contains an URL to a site that shows this issue. I'm able to add an override with ff 24, so it's clearly a regression.
Keywords: regression
Reporter | ||
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•