Closed
Bug 1151641
Opened 9 years ago
Closed 9 years ago
Cannot bypass SSL "sec_error_unknown_issuer" error when using hostname
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1138273
People
(Reporter: 6mjjmugn96, Unassigned)
Details
Attachments
(1 file)
1.26 KB,
application/x-x509-ca-certificate
|
Details |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:37.0) Gecko/20100101 Firefox/37.0 Build ID: 20150402191859 Steps to reproduce: I am accessing an internal web server with a self-signed certificate. The device generates its own self-signed certificate and does not provide a way to use any other certificate. The certificate's CN is the server's IP address and there is a Subject Alternative Name section that contains the IP as IP Address, DNS, and in a URI. The hostname is not to be found in the certificate. (The certificate is attached.) Actual results: As of v37.0, if I access the page using a hostname in the URL, nothing happens when I click the "Add Exception" button. If I access it using the IP address in the URL, I am able to add an exception as I have been in the past. When using the hostname, the "Technical Details" are: An error occurred during a connection to <hostname>:215. Peer's Certificate issuer is not recognized. (Error code: sec_error_unknown_issuer) When using the IP address, the "Technical Details" are: 192.168.0.235:215 uses an invalid security certificate. The certificate is not trusted because it is self-signed. (Error code: sec_error_unknown_issuer) Expected results: I should be able to add an exception by pressing the "Add Exception" button on the "Untrusted Connection" page regardless of what URL is used. Through FF v36.0.4, I was able to do so.
Thank you for the detailed report. This looks like the same root cause as bug 1138273. That certificate has an entry in the subject alternative name extension that specifies "DNSName:192.168.0.235", which is not valid. We'll probably end up allowing overrides for this sort of thing.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•