1137331 - Firefox 36.0 reporting invalid certificate for domain names with underscores

Status: RESOLVED DUPLICATE of bug 1136616

(Firefox :: Untriaged, defect)

Description

[Vijay Katam]

Attachment: Mozilla CA list with signature highlighted

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:36.0) Gecko/20100101 Firefox/36.0
Build ID: 20150222232811

Steps to reproduce:

Browse https://iqh_public.s3.amazonaws.com/ or https://my_portal.stagingiqhealth.com/


Actual results:

Firefox 36 is reporting invalid security certificate(Error code: ssl_error_bad_cert_domain) when trying to go to https://iqh_public.s3.amazonaws.com but request to https://bagwati.s3.amazonaws.com/ goes through. 

Both sites use a wildcard certificate that is valid for *.s3.amazonaws.com and s3.amazonaws.com. I also checked included CA's for firefox(https://wiki.mozilla.org/CA:IncludedCAs) and signature for the certificate is included(see screenshot). Same issue for https://my_portal.stagingiqhealth.com/ whereas a request to https://myiuhealth.stagingiqhealth.com/ goes through and both the same wildcard certificate


Expected results:

Firefox should trust certificate for domain names with underscores considering that they are valid domain names according to RFC 2181(https://tools.ietf.org/html/rfc2181) section 11, "Name syntax".

Comment 1

[Vijay Katam]

Attachment: invalid cert for underscore domain

Comment 2

[Vijay Katam]

Attachment: valid certificate for domain with no underscore

Comment 3

[Steven]

I don't think that this is a bug.

Check rfc1034 - section 3.5. Preferred name syntax

https://tools.ietf.org/html/rfc1034