FF Nightly 2014-10-25 may reject a valid certificate

RESOLVED DUPLICATE of bug 1088998

Status

()

Core
Security
RESOLVED DUPLICATE of bug 1088998
3 years ago
3 years ago

People

(Reporter: bosse200x, Unassigned)

Tracking

({regression})

36 Branch
x86
Windows 7
regression
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:36.0) Gecko/20100101 Firefox/36.0
Build ID: 20141024030200

Steps to reproduce:

Clean profile and then clean install of Firefox Nightly 2014-10-25 (on Win 7 64). Then try to open:

https://sverigesradio.se/


Actual results:

Firefox warns about:

This Connection is Untrusted
sverigesradio.se uses an invalid security certificate.
The certificate is only valid for sverigesradio.se
(Error code: ssl_error_bad_cert_domain)


Expected results:

The certificate seems indeed valid and as of Nightly 2014-10-24 everything worked as expected.
(Reporter)

Updated

3 years ago
Component: Security: PSM → Security
this looks like a dupe of bug 1089104
Confirmed the error displayed in the console, 36.0a1 (2014-10-27) Win 7 x64
But I got a different regression range:
Last good revision: 88adcf8fef83 (2014-10-23)
First bad revision: d6abb9bf43be (2014-10-24)
Pushlog:
https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=88adcf8fef83&tochange=d6abb9bf43be
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: regression
See Also: → bug 1089104
Depends on: 1089104
Flags: needinfo?(brian)

Comment 3

3 years ago
The same warning is issued in the following site.

https://secure.atmel.com/myAtmel/
https://h30495.www3.hp.com/
https://hpsupport.qualtrics.com/
  (used in http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=mp-109374-3&cc=jp&dlc=ja&lc=ja&os=2100&product=4083652&sw_lang=)

Comment 4

3 years ago
The same warning is issued in the following site.
(by Firefox Nightly Build 36.0a1 (2014-10-27) )


https://secure.atmel.com/myAtmel/
https://h30495.www3.hp.com/
https://hpsupport.qualtrics.com/
  (used in http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=mp-109374-3&cc=jp&dlc=ja&lc=ja&os=2100&product=4083652&sw_lang=)
See Also: bug 1089104

Comment 5

3 years ago
(In reply to licsak from comment #4)
> The same warning is issued in the following site.
> (by Firefox Nightly Build 36.0a1 (2014-10-27) )
> 
> 
> https://secure.atmel.com/myAtmel/
> https://h30495.www3.hp.com/
> https://hpsupport.qualtrics.com/
>   (used in
> http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=mp-
> 109374-3&cc=jp&dlc=ja&lc=ja&os=2100&product=4083652&sw_lang=)

Site secure.atmel.com presented certificate for "* .atmel.com" to FIrefox Nightly .
But firefox did not recognize this certificate as be valid.
(Hereinafter the same)

This symptom does not happen in Firefox Nightly 36.0a1 (2014-10-29).

Comment 6

3 years ago
(In reply to licsak from comment #5)
> (In reply to licsak from comment #4)
> > The same warning is issued in the following site.
> > (by Firefox Nightly Build 36.0a1 (2014-10-27) )
> > 
> > 
> > https://secure.atmel.com/myAtmel/
> > https://h30495.www3.hp.com/
> > https://hpsupport.qualtrics.com/
> >   (used in
> > http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=mp-
> > 109374-3&cc=jp&dlc=ja&lc=ja&os=2100&product=4083652&sw_lang=)
> 
> Site secure.atmel.com presented certificate for "* .atmel.com" to FIrefox
> Nightly .
> But firefox did not recognize this certificate as be valid.
> (Hereinafter the same)
> 
> This symptom does not happen in Firefox Nightly 36.0a1 (2014-10-29).

Unfortunately I could not be verified for the decoded contents of SSL certificate because poor my skill. Sorry.
These certificates generally look like they have the same issue as described in bug 1089104 (i.e. using TeletexString and not having a subject alternative name extension).
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Flags: needinfo?(brian)
Resolution: --- → DUPLICATE
Duplicate of bug: 1089104
Duplicate of bug: 1088998
No longer depends on: 1089104
You need to log in before you can comment on or make changes to this bug.