Closed Bug 1350851 Opened 3 years ago Closed 3 years ago

calendar.yahoo.com doesn't send the right intermediate certificates

Categories

(Web Compatibility :: Desktop, defect, major)

defect
Not set
major

Tracking

(firefox52 unaffected, firefox-esr52 verified, firefox53 unaffected, firefox54 unaffected, firefox55 unaffected)

VERIFIED FIXED
Tracking Status
firefox52 --- unaffected
firefox-esr52 --- verified
firefox53 --- unaffected
firefox54 --- unaffected
firefox55 --- unaffected

People

(Reporter: emilghitta, Unassigned)

References

()

Details

(Keywords: regressionwindow-wanted, Whiteboard: [cert] [server] [sitewait])

Attachments

(1 file)

[Affected versions]:
Firefox 52.0.1esr (Build Id:20170316213902)
Firefox 52.0.2esr (Build Id:20170323110425)
Firefox 45.8.0esr (Build Id:20170301181722)


[Affected platforms]:

Mac OS X 10.12.
Ubuntu 16.04 64bi.
Windows 10 64 bit.
Windwos 7 64 bit.

[Steps to reproduce]:
1. Launch Firefox with a clean profile.
2. Access the https://calendar.yahoo.com/ weblink.
3. Observe that the “Insecure Connection” warning is displayed.

[Expected result]:
The  Connection is secured and the webpage is successfully loaded.

[Actual result]:
The “Insecure Connection” warning is displayed with the following error code:
SEC_ERROR_UNKNOWN_ISSUER 

https://calendar.yahoo.com/ Peer’s Certificate issuer is not recognized. HTTP Strict Transport Security: false HTTP Public Key Pinning: false 

[Regression range]:
I will return with a regression range as soon as possible.

[Additional notes]:
This issue is reproducible only on esr builds.
Please observe the attached video for more information.
Please note that you must use a clean profile in order to reproduce this issue.
Looks like a misconfiguration on the server side, I'm seeing a cert signed by digicert, but the server is sending (sha1) verisign intermediates.
Misconfigured server -> tech evangelism.
Component: Security → Desktop
Product: Core → Tech Evangelism
Summary: Insecure Connection warning is displayed when accessing Yahoo Calendar → calendar.yahoo.com doesn't send the right intermediate certificates
Contacted Jenny at Yahoo!
Whiteboard: [cert] [server] [sitewait]
seems fixed now:

Certificate chain
 0 s:/C=US/ST=CA/L=Sunnyvale/O=Yahoo! Inc./CN=*.calendar.yahoo.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
This is verified fixed on 52.4.1esr (BuildId:20171005074949) using Windows 10 64bit, macOS 10.11.6 and Ubuntu 16.04 64bit.
The right certificates are sent.
Status: RESOLVED → VERIFIED
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.