Certificate details not shown when accessing site with expired certificate via IP address

NEW
Unassigned

Status

()

Firefox
Security
P5
normal
a year ago
7 months ago

People

(Reporter: johannh, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(It's a bit hard to reproduce this, I just wanted to note it)

STR:

- Type 98.139.183.24 into your URL bar.
- Wait until the certificate error appears (they might eventually fix it).
- Click on "Advanced".
- Notice that it says "The certificate expired on 6 January 2017 at 00:59."
- Click on the cert error.
- No cert details.

Note that this works fine if you enter https://98.139.183.24/ but it shows a different cert error.

Comment 1

7 months ago
[herrold@centos-7 ~]$ host 98.139.183.24
24.183.139.98.in-addr.arpa domain name pointer ir2.fp.vip.bf1.yahoo.com

if this is served by a 'name virtual hoist' such as in apache , the use of a IP rather than a name will affect what certificate is returned

> With name-based virtual hosting, the server relies on the client to report the hostname as part of the HTTP headers. Using this technique, many different hosts can share the same IP address.

see eg: https://httpd.apache.org/docs/2.4/vhosts/name-based.html

in this case the returned certificate is for:

98.139.183.24 uses an invalid security certificate.

The certificate is only valid for the following names:
  *.www.yahoo.com, add.my.yahoo.com, *.att.yahoo.com, att.yahoo.com, au.yahoo.com, be.yahoo.com, brb.yahoo.com, br.yahoo.com, ca.my.yahoo.com, ca.rogers.yahoo.com, ca.yahoo.com, ddl.fp.yahoo.com, de.yahoo.com, en-maktoob.yahoo.com, espanol.yahoo.com, es.yahoo.com, fr-be.yahoo.com, fr-ca.rogers.yahoo.com, frontier.yahoo.com, fr.yahoo.com, gr.yahoo.com, hk.yahoo.com, hsrd.yahoo.com, ideanetsetter.yahoo.com, id.yahoo.com, ie.yahoo.com, in.yahoo.com, it.yahoo.com, maktoob.yahoo.com, malaysia.yahoo.com, my.yahoo.com, nz.yahoo.com, ph.yahoo.com, qc.yahoo.com, ro.yahoo.com, se.yahoo.com, sg.yahoo.com, tw.yahoo.com, uk.yahoo.com, us.yahoo.com, verizon.yahoo.com, vn.yahoo.com, www.yahoo.com, yahoo.com, za.yahoo.com, zed.yahoo.com  

Error code: SSL_ERROR_BAD_CERT_DOMAIN

none match *.bf1.yahoo.com, nor *.yahoo.com

This seems unremarkable and not a bug  -- your thoght?
Flags: needinfo?(jhofmann)
Yes, as I mentioned:

> Note that this works fine if you enter https://98.139.183.24/ but it shows a different cert error.

I can't access the broken state anymore, but this seems to affect expired certificates.
Flags: needinfo?(jhofmann)
Priority: -- → P5
Summary: Certificate details not shown when accessing site with invalid certificate via IP address → Certificate details not shown when accessing site with expired certificate via IP address
You need to log in before you can comment on or make changes to this bug.