1137432 - wildcard domain name matching fails with an underscore in the subdomain

Status: RESOLVED DUPLICATE of bug 1136616

(Core :: Security, defect)

Description

[wweilep]

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Build ID: 20150222232811

Steps to reproduce:

Attempted to view ssl content on a subdomain with an underscore in the subdomain portion of the url.

In this case, I am using s3 on aws.
https://a_b.amazonaws.com/public/images/image.jpg will return:

a_b.s3.amazonaws.com uses an invalid security certificate. The certificate is only valid for the following names: *.s3.amazonaws.com, s3.amazonaws.com (Error code: ssl_error_bad_cert_domain)

But if you alternately use other characters such as a dash ( a-b.s3.amazonaws.com ) the certificate successfully validates.

The wildcard ssl was properly tested to be working correctly in 31 Branch, and 33 Branch, but broken in 36 Branch.  We suspect 35 Branch was working, but have not yet confirmed.


Actual results:

ssl_error_bad_cert_domain

full text:
a_b.s3.amazonaws.com uses an invalid security certificate. The certificate is only valid for the following names: *.s3.amazonaws.com, s3.amazonaws.com (Error code: ssl_error_bad_cert_domain)


Expected results:

Wildcard SSL Certificate successfully verified, content displayed.

Comment 1

[wweilep]

I made a slight mistake when typing the test case url, https://a_b.amazonaws.com/public/images/image.jpg should actually be https://a_b.s3.amazonaws.com/public/images/image.jpg (missed an entire subdomain level of .s3. ).

Comment 2

[bjorn]

Related: https://bugzilla.mozilla.org/show_bug.cgi?id=1136838

Comment 3

[bjorn]

Another test url: https://sand_object_assets.s3.amazonaws.com/ff36-bug1136838-bjorn/test.gif

Comment 4

[Dana Keeler (she/her) (use needinfo) [:keeler]]

Thanks for filing this. We're tracking the issue in bug 1136616.