Closed
Bug 1157668
Opened 10 years ago
Closed 10 years ago
sec_error_bad_der due to empty SAN
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1143085
People
(Reporter: vladimirtt, Unassigned)
Details
Attachments
(2 files)
User Agent: Mozilla/5.0 (X11; FreeBSD i386; rv:12.0) Gecko/20100101 Firefox/12.0
Build ID: 20131015173630
Steps to reproduce:
I have tried to access over HTTPS an intranet site (a company internal one).
Actual results:
I've got the following error:
Secure Connection Failed
An error occurred during a connection to login.prod.partygaming.local. security library: improperly formatted DER-encoded message. (Error code: sec_error_bad_der)
Expected results:
The site should load successfully.
It is loaded successfully when accessed with Fire Fox 30, Chrome 42 and Internet Explorer 11.
Reporter | ||
Comment 1•10 years ago
|
||
The issue is confirmed to happen with Firefox 37.0.2 on Mac OS X and Windows 7.
Reporter | ||
Updated•10 years ago
|
Severity: normal → major
OS: Unspecified → Windows 7
Hardware: Unspecified → All
Comment 2•10 years ago
|
||
This might be a duplicate of Bug 1148766... Can you check your certs (e.g. using openssl like in Bug 1148766 comment 22) to see if they contain Subject Alternative Name entries IPs specified as DNS entries?
Flags: needinfo?(vladimirtt)
Reporter | ||
Comment 3•10 years ago
|
||
Flags: needinfo?(vladimirtt)
Reporter | ||
Comment 4•10 years ago
|
||
I would not say this is a duplicate of Bug 1148766, but it might be related (Bug 1148766 concerns Firefox 37, but i have faced the issue on Firefox 36 as well).
The end-entity certificate has a SAN extension, but it is empty (for some reason our internal CA generates certificates this way, but it has never been an problem so far with Firefox or any other browser).
OpenSSL shows:
X509v3 Subject Alternative Name:
<EMPTY>
Please check the attached screen-shot (empty_san.png) about how Chrome on Mac OS X shows it.
Comment 5•10 years ago
|
||
Ah, in this case this is probably Bug 1143085. Could you try on Firefox 38 or above?
Flags: needinfo?(vladimirtt)
Reporter | ||
Comment 6•10 years ago
|
||
Both bugs seem the same. Let me try FF 38 and i'll provide a confirmation.
Flags: needinfo?(vladimirtt)
Reporter | ||
Comment 7•10 years ago
|
||
I have tried with Firefox 38.0b6 and it works as before Firefox 36, e.g. the issue does not happen with Firefox 38.
You can mark this bug as a duplicate of Bug 1143085.
When is the expected release date of Firefox 38 ?
Comment 8•10 years ago
|
||
(In reply to vladimirtt from comment #7)
> I have tried with Firefox 38.0b6 and it works as before Firefox 36, e.g. the
> issue does not happen with Firefox 38.
>
> You can mark this bug as a duplicate of Bug 1143085.
Thanks for testing.
> When is the expected release date of Firefox 38 ?
Currently scheduled for release the week of 2015-05-12: https://wiki.mozilla.org/RapidRelease/Calendar
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Component: Untriaged → Security: PSM
Product: Firefox → Core
Resolution: --- → DUPLICATE
Summary: Secure Connection Failed -- security library: improperly formatted DER-encoded message. (Error code: sec_error_bad_der) → sec_error_bad_der due to empty SAN
You need to log in
before you can comment on or make changes to this bug.
Description
•