sec_error_bad_der due to empty SAN

RESOLVED DUPLICATE of bug 1143085

Status

()

--
major
RESOLVED DUPLICATE of bug 1143085
4 years ago
4 years ago

People

(Reporter: vladimirtt, Unassigned)

Tracking

37 Branch
All
Windows 7
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Reporter)

Description

4 years ago
Created attachment 8596546 [details]
sec_error_bad_der.png

User Agent: Mozilla/5.0 (X11; FreeBSD i386; rv:12.0) Gecko/20100101 Firefox/12.0
Build ID: 20131015173630

Steps to reproduce:

I have tried to access over HTTPS an intranet site (a company internal one).


Actual results:

I've got the following error:

Secure Connection Failed

An error occurred during a connection to login.prod.partygaming.local. security library: improperly formatted DER-encoded message. (Error code: sec_error_bad_der) 


Expected results:

The site should load successfully.

It is loaded successfully when accessed with Fire Fox 30, Chrome 42 and Internet Explorer 11.
(Reporter)

Comment 1

4 years ago
The issue is confirmed to happen with Firefox 37.0.2 on Mac OS X and Windows 7.
(Reporter)

Updated

4 years ago
Severity: normal → major
OS: Unspecified → Windows 7
Hardware: Unspecified → All

Comment 2

4 years ago
This might be a duplicate of Bug 1148766... Can you check your certs (e.g. using openssl like in Bug 1148766 comment 22) to see if they contain Subject Alternative Name entries IPs specified as DNS entries?
Flags: needinfo?(vladimirtt)
(Reporter)

Comment 3

4 years ago
Created attachment 8597156 [details]
empty_san.png
Flags: needinfo?(vladimirtt)
(Reporter)

Comment 4

4 years ago
I would not say this is a duplicate of Bug 1148766, but it might be related (Bug 1148766 concerns Firefox 37, but i have faced the issue on Firefox 36 as well).

The end-entity certificate has a SAN extension, but it is empty (for some reason our internal CA generates certificates this way, but it has never been an problem so far with Firefox or any other browser).

OpenSSL shows:

     X509v3 Subject Alternative Name: 
         <EMPTY>


Please check the attached screen-shot (empty_san.png) about how Chrome on Mac OS X shows it.

Comment 5

4 years ago
Ah, in this case this is probably Bug 1143085. Could you try on Firefox 38 or above?
Flags: needinfo?(vladimirtt)
(Reporter)

Comment 6

4 years ago
Both bugs seem the same. Let me try FF 38 and i'll provide a confirmation.
Flags: needinfo?(vladimirtt)
(Reporter)

Comment 7

4 years ago
I have tried with Firefox 38.0b6 and it works as before Firefox 36, e.g. the issue does not happen with Firefox 38.

You can mark this bug as a duplicate of Bug 1143085.

When is the expected release date of Firefox 38 ?

Comment 8

4 years ago
(In reply to vladimirtt from comment #7)
> I have tried with Firefox 38.0b6 and it works as before Firefox 36, e.g. the
> issue does not happen with Firefox 38.
> 
> You can mark this bug as a duplicate of Bug 1143085.

Thanks for testing.

> When is the expected release date of Firefox 38 ?

Currently scheduled for release the week of 2015-05-12: https://wiki.mozilla.org/RapidRelease/Calendar
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago
Component: Untriaged → Security: PSM
Product: Firefox → Core
Resolution: --- → DUPLICATE
Summary: Secure Connection Failed -- security library: improperly formatted DER-encoded message. (Error code: sec_error_bad_der) → sec_error_bad_der due to empty SAN
Duplicate of bug: 1143085
You need to log in before you can comment on or make changes to this bug.